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The 'Boss' was able to win the challenge, working in harmony due to the 
efforts of the Carnegie Mellon team. 

Yes, It Can Drive 55 

DARPA prize-winning robotic Chevrolet 
negotiates obstacle course without incident 

BY ALEX HANDY 

Process is everything. For software developers, it's the code that 
matters, but for the manager, the process can mean the differ- 
ence between a weekend fixing broken builds and one spent with 
the kids. 

But for some projects, standard enterprise development 
processes need to be tweaked and adapted to special circum- 
stances. Bryan Salesky found this out when he was tapped to join 
Carnegie Mellon University's Tartan Racing team in mid-2006. 

Salesky led the software team responsible for linking together 
the cameras and sensors aboard Tartan's robotic 2007 Chevrolet 
Tahoe — nicknamed "Boss" — and making them think. On Nov. 4, 
the Boss won the DARPA Urban Challenge, a government-spon- 
sored robotic car competition, by finishing the 55-mile course 
without incident despite numerous traffic obstacles and a brief 
delay due to GPS signal interference. DARPA — the Defense 
Advanced Research Projects Agency — is the central research and 
development organization of the U.S. Department of Defense. 

After years of working with fault-tolerance and railroad sys- 
tems, Salesky currently works for the National Robotics Engineer- 
ing Center (NREC), an autonomous business unit of Carnegie 
Mellon University in Pittsburgh. 

The NREC loaned Salesky out to Tartan Racing last spring as 
the project was being outlined. His team size fluctuated as time 

continued on page 24 ► 



Secure Code Exams? 

New programming council proposes essential 
skills testing, metrics for developers; Java first 



BY DAVID WORTHINGTON 

In the United States, Black Fri- 
day — the day after the Thanks- 
giving holiday in late Novem- 
ber — is the unofficial start of the 
holiday shopping season, and 
millions of consumers are forsak- 
ing long lines at cash registers 
and are entrusting sensitive per- 
sonal information to merchants 
over the Web. Lurking in the 
shadows are criminal hackers, 
who have learned how to profit 
from the vulnerabilities in Web 
applications. 

The consequences of data 
breaches are obvious. Indeed, 
security initiatives are under way 
to ensure that programmers have 



the essential skills to program 
secure applications. The Secure 
Programming Council, a group 
of organizations both corporate 
and governmental working 
under the banner of the SANS 
Institute, wants to make that 
effort universal and is working to 
establish standard metrics for 
secure programming. 

Last month, the council 
announced its first consensus 
document for what will become 
the GIAC (Global Information 
Assurance Certification) Secure 
Software Programmer Certifica- 
tion Exam for Java. The docu- 
ment, "Essential Skills for Secure 
Programming Using Java/Java 



EE," contains criteria for devel- 
opers to demonstrate that they 
have mastered the "minimum 
due standard of care" for secure 
programming in the context of 
security- related tasks. 

Among those tasks are access 
control, application faults and log- 
ging, authentication and session 
management, data handling, 
encryption services, Java types and 
JVM management, and secure 
architecture and coding principles. 

The developer must be able to 
demonstrate an understanding of 
access control in different tiers of 
applications; properly handle 
both expected and unexpected 
continued on page 29 ► 



Large Screen or Small, 
It's 'One Web' for All 

W3C's Berners-Lee sees no limitations 



BY JENNIFER DEJONG 

The limitations of the small 
screen will appear less pro- 
nounced, as co-existence with 
big screens becomes common- 
place. The Web's widespread 
availability on mobile devices, in 
addition to desktop and laptop 
computers, will change the way 
people talk about the Web itself: 
Emphasis will shift from Web 
sites to the services or content 
they offer. 

Those were two observations 



made by World Wide Web inven- 
tor Tim Berners-Lee at the 
Mobile Internet World confer- 
ence in Boston last month. 

"I book a flight on a mobile 
device. And when I walk into my 
office, there it is on a big 
screen," he said. "I am not think- 
ing about [the Web site] www 
.travelocity.com; I am thinking 
about my flight reservation," he 
said. "That's a new level of 
abstraction." 

continued on page 28 ► 




The Web is designed to include 
anything and anyone, says its 
inventor, Tim Berners-Lee. 
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Building Security Into Source Code 

Analysis tool makers say scans should be part of nightly integration 



BY JENNIFER DEJONG 

How do you convince an over- 
worked developer to add anoth- 
er task to a long to-do list? 

Source code analysis tool 
makers have sought to answer 
that question since they began 
selling software for finding 
security flaws a few years ago. 

Recently they have begun 
offering a new answer: Run the 
scan at build time instead of 
insisting developers do the job 
at their desktops. 

"The build server is a power- 
ful place to be," said Fortify 
chief scientist and co-founder 
Brian Chess. "You don't want 
[developers] to tie up their per- 
sonal workstations." 

Incorporating source code 
analysis as part of nightly builds 
helps eliminate issues that will 
surface later, added Ounce Labs 
senior vice president of product 
management Claudia Dent. And 
it makes the task "more palat- 
able to the development team." 

Neither company — nor their 
competitors — suggested that 
running the scanners at build 
time is the sole solution for find- 
ing security flaws. All of them 
said security should be 
addressed at every stage of the 
development process. But the 
build time approach has gained 
attention as source code analysis 
tool makers contend with the 
fact that their offerings have not 
been well received by develop- 
ers. The key objection, as 



SCANNING SOURCE CODE FOR SECURITY FLAWS 



BEST TIME TO 
RUN THE TOOL 


PROS 


CONS 


As the code is written. 


Programmers possess the best knowledge about how 
their code works. 

They gain tool expertise over time. 

Tools plug in to development environments, making analysis available 
on demand. 


Analyzing source code is time-consuming, and programmers are 
already under pressure to deliver projects on deadline. 

To overcome that limitation, source-code analysis tools must be fast 
and easy to use. For large projects, programmers should scan only 
their part of the code. Complete analysis should take place at build 
time or at major milestones. 

Even with training, programmers aren't security experts. 


At build time. 


In most organizations, software projects have a well-defined build 
process, making it a logical time to run the scan. 

Build results can produce reliable reports to use for direct remedia- 
tion and also allow an organization to create recurring, consistent 
measure of a project. 


Programmers may pay little attention to scan results, unless the reme- 
diation process is managed properly. That responsibility often lies with 
the security team, which figures out which findings take priority and 
assigns programmers to fix them. But security team members may lack 
software development savvy, so the two groups don't necessarily work 
well together. 


At major milestones. 


Organizations with well-defined development processes are accus- 
tomed to checkpoints at major milestones, such as a design review. 
Running the tool at these points aligns well with the way they work. 


Developers don't consider security issues until a major milestone-typ- 
ically toward the end of a project-arrives. At that point, other obliga- 
tions may further push security concerns to the sidelines. 



Source: Based on information from "Secure Programming With Static Analysis, " by Brian Chess and Jacob West (Addison-Wesley 2007). 



reported earlier by SD Times, is 
that scans take too long and turn 
up too many false positives. 

Another barrier to adoption 
is that the art of secure coding is 
so new that most professional 
developers working today have 
not been trained in the practice, 
said IBM Watchfire director of 
security research Danny Alan. 

IBM acquired Watchfire 
earlier this year. The company 
developed a penetration testing 
tool, which assesses application 
security by simulating attacks a 
hacker might launch. 

Chess raised the issue of 
running source code analysis at 



build time in "Secure Program- 
ming With Static Analysis," a 
recently published book he co- 
authored with Jacob West. And 
Dent is tackling the topic in a 
forthcoming white paper. 

IBM has also advanced the 
idea. In an October meeting 
with SD Times, IBM Rational 
program manager Ashok Red- 
dy said source code analysis can 
be "cumbersome for develop- 
ers." So IBM is readying its 
Build Forge offering, for 
automating the build process, 
to work with the company's 
source code analysis partners, 
including Fortify, Klocworks 



and Ounce Labs. 

When the scanners run as 
part of the build, developers are 
less likely to resist their use, 
said IBM Rational vice presi- 
dent of marketing Scott Hebn- 
er. "They don't want to break 
the build." 

Forrester analyst Carey 
Schwaber agreed that doing 
static analysis at build time is a 
reasonable approach, but said, 
"I doubt a developer would 
consider a security flaw a bro- 
ken build." 

Coverity open source strate- 
gist David Maxwell said con- 
ducting scans at build time can 



After Year, CodeGear Steers Its Own Course 



BY ALEX HANDY 

It's been just over a year since 
Borland Software split into 
two companies. On its own, 
the developer tools com- 
pany — CodeGear — has built 
new tools for new languages 
and moved its flagship Java 
IDE into Eclipse. With its own 
teams for sales, research and 
management, CodeGear's ship 
may still be owned by Borland, 
but the navigation is distinctly 
independent. 

David Intersimone, vice 
president of developer rela- 
tions and chief evangelist at 
CodeGear, said that having a 
dedicated management team 
makes all the difference in the 
world. "From the standpoint 
of being a startup, and at the 




'The next logical step is 
for the architecture to 
continue to capture the 
structure and evolution 
and logic behind the 
developing of the 
application/ 

rid Intersimone, VP of developer 

relations and chief evangelist 

at CodeGear 



same time being a company in 
developer tools for a long 
time, we've continued to move 
forward and add new capabili- 
ties. The thing that's also been 
great is we've now been run- 
ning as our own organization 



for a year, so having our own 
management team, our own 
R&D team and our own sales 
team has been great." 

For Intersimone, Code- 
Gear's mission is one of 
improving developer produc- 



tivity and communication. 
While Borland focused on 
these as well, that company 
had many other priorities to 
balance, thus muddying the 
waters for the team that would 
eventually become CodeGear. 
Once freed, that team set 
about righting the wayward 
ship. 

Selling IDEs is certainly a 
difficult proposition in this 
post-Eclipse world, but Intersi- 
mone noted that there are still 
problems to be worked out in 
the development environment. 
"We've solved the user inter- 
face part. We've solved the 
database connectivity part. 
We've solved the multi-tier dis- 
tributed computing part. The 
continued on page 26 ► 



help keep developers from get- 
ting overwhelmed by false posi- 
tive results that the scans are 
known to produce. Managers 
can vet the results before 
assigning fixes to individual 
developers. "A [potential vul- 
nerability] might be low priori- 
ty in one app, but not in anoth- 
er," Maxwell said. 

Coverity, which sells a source 
code analysis tool, also co-runs 
with Stanford University the 
Scan Project, which analyzes 
code in open source projects, 
reporting potential security 
flaws to developers who run 
those projects. Last month the 
Scan Project, funded by the U.S. 
Department of Homeland Secu- 
rity, added support for code 
written in Java in addition to that 
written in C/C+ + . 

Fortify's Chess emphasized 
that conducting the scan at 
build time is just one of three 
alternatives. Some develop- 
ment organizations prefer to 
run the tool on the program- 
mer's desktop. Others choose to 
conduct scans only at major 
milestones, such as a design 
review, or when penetration 
tests are completed. 

Chess also said that for large 
projects, asking developers to 
scan the entire codebase on their 
desktops is impractical because it 
takes too long. 

A better approach is to 
break down the project into 
smaller parts, requiring each 
developer to scan only the code 
he has written. I 
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Intel XHL Software Sytte 



The Intel XML Software Suite offers XML libraries that can ease memory management in C++ or Java applications. 

Intel Steps on the Gas for SOA 

New libraries released to accelerate performance 
of XML working with Java, C++ applications 



BY ALEX HANDY 

Intel earlier this month re- 
leased four new XML libraries 
aimed at speeding SOA deploy- 
ments for both Java and C+ + 
developers. The Intel XML 
Software Suite can be dropped 
into application bundles in 
place of existing XML libraries 
that handle parsing, schema 
validation, XPath and XSLT. 

Stephen Pettit, product 
manager for XML software 
libraries at Intel, said that 
these new libraries were moti- 
vated entirely by the compa- 
ny's SOA experience. He said 
that many SOA implementers 



are finding performance bot- 
tlenecks in their architectures 
now that projects are matur- 
ing. "What our solutions do is 
address the real issue: the 
XML itself needs to be 
enhanced. We have a library 
solution that can be used in 
place of existing libraries to 
give them better perfor- 
mance," said Pettit. 

That solution includes an 
XSLT accelerator, a schema 
accelerator for validation, an 
XML parsing accelerator and 
an accelerator for XPath. All 
of these libraries are available 
for either Java or C + + , and 



that fact alone offered some 
challenges for the Intel soft- 
ware team. 

"For Java, it's a drop-in 
replacement for existing 
libraries that uses JAXP [Java 
API for XML Processing]. C+ + 
does not have a de facto stan- 
dard for making XML calls, so 
we've made calls that are simi- 
lar to the JAXP structures. It's 
something developers can use 
quickly," said Pettit. 

The Intel XML Software 
Suite is available for develop- 
ers at US$499. Production- 
level licenses are also available 
for $4,999. I 



Hierarchy Control Comes to AnthillPro 

Urbancode updates build tool's Ul, integration 



BY JEFF FEINMAN 

Urbancode, creator of the 
AnthillPro continuous integra- 
tion build and dependency 
management tool, has over- 
hauled the user interface in the 
latest version. 

AnthillPro 3.4, released in 
late November, features a hier- 
archical project management 
scheme enabling users to orga- 
nize projects, workflows and 
jobs into folders. AJAX support 
is also new in this release. 

The new user interface 
introduces a job library and a 
workflow library, allowing the 
setup of standardized builds by 
reusing life cycle build and 
deployment practices. 



"Customers can create the 
structure of the hierarchy as they 
see fit," said Maciej Zawadzki, 
president of Urbancode. 

AnthillPro 3.4 includes 
updates to its integration with 
the Apache Maven Java pro- 
gramming language project 
management tool. This allows 
users to use AnthillPro's 
Codestation embedded depen- 
dency management system in 
tandem with Maven's reposito- 
ries. Codestation allows reuse 
of large-scale components, 
company officials said. 

Zawadzki called AnthillPro 
"unique to the market" because 
it can offer build and depen- 
dency management, deploy- 



ment automation, test orches- 
tration and release manage- 
ment, all in one tool. Compar- 
ing AnthillPro with rivals in the 
build management market and 
specifically with IBM Rational's 
Build Forge, he said that 
AnthillPro has a life cycle mod- 
el that forms a tie between the 
build process and deployment 
process. 

"Build Forge is more of a 
generic process-automation 
tool, where you can automate a 
process," Zawadzki said. "That 
process may be the build 
process, or it can automate 
deployment separately from the 
build process, but there is no tie 
between the two." I 
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Bill Gates has announced that Microsoft will donate developer soft- 
ware to the National Society of Black Engineers (NSBE). The software 
grant provides NSBE educational chapters with a three-year member- 
ship to the Microsoft Developer Network Academic Alliance, which will 
provide access to more than 100 Microsoft software products, includ- 
ing Microsoft Visual Studio and Microsoft SQL Server . . . Telelogic has 
made available the Rhapsody Model Driven Development environment 
for embedded systems and software via the company's University 
Software Donation Program; among the first schools taking advantage 
of the program is the American University of Sharjah in the United 
Arab Emirates . . . The Software Freedom Law Center (SFLC) has filed 
two more copyright infringement lawsuits on behalf of BusyBox, alleg- 
ing violation of the General Public License (GPL). The suits charge 
Xterasys and High-Gain Antennas with distributing BusyBox illegally 
without providing the source code as reguired by the GPL. Previously, 
the SFLC filed a similar lawsuit against Monsoon Multimedia, which 
was settled out of court in October. 



NEW PRODUCTS 



TechExcel has released two new products focused on requirements 
management in DevSuite. DevSpec is an integrated requirements 
management framework designed to provide visibility and traceability 
in project requirements. DevSpec allows developers to create new 
requirements and specifications that can be linked to development 
and testing implementation projects. The other product, Knowledge- 
Wise, leverages intellectual assets and links ideas and customer feed- 
back to specific areas of a development project . . . FirstSQL database 
product provider FFE Software has released FirstSQL/J Embedded 
Mobile Edition, which is a specialized version of the Java database. 
This edition includes full support for Java Micro Edition and Java Stan- 
dard Edition in small footprint configurations . . . Device software opti- 
mization and real-time operating systems provider Green Hills Soft- 
ware has released its tools for Applied Micro Circuits' Power 
Architecture 405EZ embedded processor. The package . 
consists of Green Hills Power Architecture compilers for j 
generating code, the MULTI integrated development i 
framework and the Green Hills Probe for debugging. 
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Virtualization software provider VMware has released VMware Serv- 
er 2, the latest version of the company's free virtualization product. 
VMware Server 2, now in public beta, introduces a Web-based man- 
agement interface with an embedded virtual machine console, full 
management functionality, and the ability to create customized 
remote console URLs for virtual machine users . . . Elsinore Technolo- 
gies, provider of issue management solutions, has released IssueNet 
4.6. The new release brings a feature called IssueNet Workspace for 
Project, an integration with Microsoft Project that combines issue and 
task management with Project's planning capabilities . . . dtSearch, a 
supplier of enterprise and developer text retrieval software, has 
released version 7.5 of the dtSearch product line. There is a new native 
64-bit version of the dtSearch Engine for Win and .NET, supporting 
.NET 2.0 and 3.0, with full API access to dtSearch's terabyte indexer 
and search functionality, file format and database support . . . SSH 
Communications Security, a provider of enterprise security solutions 
and end-to-end communications security, has released version 6.0 of 
the SSH Tectia tool. The new version has a feature called SSH Tectia 
ConnectSecure, which company officials said 
i expands the range of system platforms that can 
leverage the secure file transfer and transit 
capabilities of the architecture. 



PEOPLE 



Asher Aremband has joined DataDirect Technologies as senior direc- 
tor of research and development for the company's Shadow main- 
frame integration suite. I 
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Serena Does the Mash(up) With Business Suite 



BY JEFF FEINMAN 

Serena Software has pulled the 
covers off its Business Mashup 
suite, which lets developers 
automate business processes 
and design and deploy mashups. 
The first piece of the suite, 



released Dec. 3, is Mashup 
Composer, a visual design appli- 
cation tool that allows business 
analysts to create processes, Web 
forms and other components of 
business mashups, according to 
Nathan Rawlins, senior director 



of product marketing for Serena. 
Those mashups can then be 
deployed to Mashup Server, an 
engine that provides the runtime 
services to help users get their 
mashups ready for deployment. 
Mashup Server can connect to 



other systems and provides Web 
forms, Rawlins said. 

"The two work in tandem to 
deliver business mashups as a 
business solution," he said. 

Serena will also be making 
available 13 prebuilt mashups 
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for free. There will be mashups 
for agile project management, 
case-to-issue scenarios and sales 
discount approval. "If you're 
using Salesforce.com for manag- 
ing your support cases for 
instance, we have a mashup that 
makes it possible for support 
cases to be automatically escalat- 
ed into an issue management 
process," Rawlins said. 

Other mashups are dedicated 
to handling employee records 
and requests, including change 
approval, travel approval and 
employee time off. 

The Business Mashup suite 
was built under the code name 
Vail, a software-as-a-service 
offering that was originally 
announced in mid- September. 
Serena executives had pointed 
to claims by Gartner that by 
2011 SaaS would be a US$50 
billion industry. Rawlins said 
Serena will offer the Business 
Mashup suite as a SaaS offering 
early next year; for now, it is 
deployed on-premise. 

The company has seen what 
it believes are strong numbers on 
the mashup front. It reported 
that more than 1,200 people 
have looked at Mashup Compos- 
er through an online test drive 
that had been available on the 
company's Web site, and more 
than 2,000 people have down- 
loaded the free Prototype Com- 
poser simulation tool for proto- 
typing business applications. 
Prototype Composer, which had 
been part of Serena's Dimen- 
sions offering, became available 
in early November. 

According to Rawlins, most of 
Serena's interest in mashups was 
spurred by its ALM customers. 
"If you think about all the appli- 
cation requests that are coming 
into IT, there are far more re- 
quests that come in than can 
ever be delivered by an applica- 
tion development group," he 
said. "So what you end up seeing 
is that application development 
takes a chunk of those requests 
that are coming in, and they start 
developing them. They tend to 
be the more complex systems, 
and the remainder fall into an 
application backlog, very similar 
to what we saw when everything 
was built on the mainframe. You 
find that most organizations 
have a huge backlog of applica- 
tion requests." 

Serena's goal is to offer a tool 
for nondevelopers to tackle 
some of the less technical 
requests, Rawlins said. I 
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IBM Creates Product Management Centers 



BY JEFF FEINMAN 

IBM is bringing product man- 
agement to a center near you. 

The company has created a 
global network of nine Product 
Lifecycle Management (PLM) 
Centers of Excellence, designed 
to help customers implement 
new technology in shorter time 
cycles. The Centers of Excell- 
ence, announced in mid- 
November, are staffed by more 
than 3,000 IBM researchers, 
9,000 software developers 
and 1,000 consultants. IBM 
enlisted U.S. -based motorcycle 
manufacturer Harley- Davidson 
and Canadian aerospace and 
rail equipment conglomerate 
Bombardier to demonstrate the 
centers' capabilities. 

The centers have opened up 
in Nice, France; Boblingen, Ger- 
many; Beijing, China; Bangalore 
and New Dehli, India; Yamato, 
Japan; Montreal, Canada; and in 
the United States in Dallas, Tex- 
as, and Hawthorne, New York. 

"The centers provide the lab 
environment where [a] clients 
IT architects and application 
programmers work alongside 
IBM software developers to 
learn SOA integration best prac- 
tices," said Bob Norton, program 
director with the IBM Extended 
PLM Industry Solutions Team. 

COMBINING EXPERTISE 

IBM is delving into a market 
segment that company officials 
claim will reach US$80 billion 
by 2010. 

The company has already cre- 
ated Centers of Excellence in 
other areas, including enterprise 
content management and data 
integration, with the goal of 
involving the central software 
development lab staff directly in 
customer projects, and cross-pol- 
linating the IBM field service 
teams by establishing a global 
working environment, Norton 
said. "A Center of Excellence 
brings expertise closer to the 
client and combines expertise 
from all IBM software group 
brands, such as application inte- 
gration from WebSphere, collab- 
oration from Lotus, and software 
development and deployment 
from Rational and Tivoli." 

The Centers of Excellence for 
PLM are already offering semi- 
nars and workshops to IBM's 
business partners. Client execu- 
tives can work with IBM Global 
Services teams to determine the 
steps necessary to incorporate 
PLM into the company's strategy. 



The IBM Product Develop- 
ment Integration Framework 
(PDIF), which was launched in 
December 2006, is a set of inte- 
gration patterns that use IBM's 
SOA technique combined with 
PLM software applications. Each 



center has deployed a set of inte- 
gration patterns using the PDIF 
architecture, but each center 
uses a slightly different mix of 
PLM software and business 
process scenarios, Norton said. 
"The loosely coupled SOA 



integration technique lends itself 
perfectly to a framework archi- 
tecture model that describes 
application connectors, Web ser- 
vices data models and business 
processes that embody an inte- 
grated PLM software environ- 



ment," he added. 

The staffs of the Centers for 
Excellence work with open stan- 
dards for PLM data and process- 
es, so that business processes can 
span multiple enterprise applica- 
tions, company officials said. I 



Intellectuals solve problems. 



Geniuses prevent them. 



— Albert Einstein 
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Set the pace. 

Using the power hi I capabilities of the Aurora XAML Designer as the 
graphical design engine fcr your software applications will save 
you time and money. By embedding Aurora you can enhance the 
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JSF 2.0 Faces Up to Its 
Configuration Troubles 

Spec leads detail five goals for next version 

BY ALEX HANDY 

Sometimes, the cure for one's woes is a 
hard look in the mirror. JavaServer 
Faces is facing up to its own configura- 
tion problems with JSR 314, the specifi- 
cation for JSF 2.0. 

The project, under the auspices of 
the Sun Microsystems-driven Java Com- 
munity Process, already has five primary 
goals: make custom components much 
easier to develop, add first-class AJAX 
support, incorporate a page description 
language based on Facelets into the core 
JSF specification, reduce the required 
configuration, and provide for better 
compatibility among JSF component 
libraries from different vendors. 

Roger Kitain, staff engineer at Sun, 
and Ed Burns, senior staff engineer, are 
co-specification leads on JSR 314. The 
pair hopes to make JSF a clearer path 
between the Web and the complicated 
back-end systems and capabilities Java 
provides. That effort will begin with the 
simplification of the configuration process 
for JSF applications. 

"One of the prob- 
lems people have had 
with JSF is that when 
they sit down and devel- 
op custom components 
with JSF, there are dif- 
ferent things you have to 
[configure] in different areas," Kitain said. 
"You have to remember these different 
areas to piece those together, like compo- 
nent render associations. We're looking to 
simplify all that by making fewer areas to 
keep track of when developing this stuff." 

That means adding in the ability to 
configure components inside of annota- 
tions. It also means having consolidating 
configuration files in easier-to-find 
places, said Kitain. 

For component developers, mixing 
and matching the capabilities of various 
JSF snippets has also been difficult, said 
Burns. "The reason [third-party compo- 
nents] are not playing well together is 
that the JSF 1.2 specification, and earli- 
er, simply did not say what to do [when] 
loading... static resources like scripts or 
style sheets. It didn't say what to do for 



The Road to Java EE 6 
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JSR 314: JavaServer Faces 2.0 
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A key element of JSF 2.0 is configuration, 
says Sun's Kitain. 



JSF remains a stable way to access back-end 
Java components, says Sun's Burns. 

partial tree traversal via AJAX, nor for 
persistence. Each of those component 
libraries had to invent their own solu- 
tions to do that," said Burns. 

Kitain and Burns also stated that 
those components would need to be 
rewritten to work with JSF 2.0. 

In a world where the Google Web 

Toolkit (GWT) has made Java-to-Web 

design as easy as pointing and clicking, 

Burns and Kitain remain confident that 

JSF 2.0 will still hold an 

important place in Java 

Web stacks. 

"I think the usage 

model posed by GWT is 

very intriguing, but 

what I've seen by talking 

to customers is that they 

really can't afford to stay inside that 

intriguing but constrained toolkit Google 

provides. Right now, they have their RMI 

interaction where components can talk to 

POJOs [Plain Old Java Objects] on the 

server," said Burns. 

But when it comes to accessing the 
forthcoming Web Beans, or the Java Per- 
sistence API, JSF will remain a stable and 
mature solution, he added. In fact, the 
forthcoming Web Beans specification, 
JSR 299, is closely tied to JSF 2.0. 

Perhaps the most significant change 
to JSF 2.0, however, is a piece that Burns 
and Kitain have already begun coding. 
"For the first time in Java EE, we'll have 
a concept of a software development life 
cycle. The developer can say, 'Now I'm 
in debug mode, or development mode,' 
and the runtime will know that 'since the 
developer is telling me this, I can give 
advanced error messages and advanced 
stack traces.' If you set that flag to pro- 
duction mode, you'll see friendlier error 
messages," said Burns. 

JSF 2.0 should arrive as an early 
draft specification early next year. JSR 
314 is part of the larger effort toward 
Java EE 6, and it's hoped that the com- 
pleted specification and reference 
implementation will arrive alongside 
that specification. I 




Mild-Mannered ALM, 
Super Quality 

Developing quality software requires a heroic effort, from tracking thousands of the tiniest details, 
to keeping team communication flowing smoothly. 

TestTrack Studio 2008 powers the application lifecycle, automating processes and keeping track of 
issues, change requests, test cases, and test results. With TestTrack Studio 2008, you have the 
tools and the time to prioritize, communicate, and track the status of your projects more 
effectively, without breaking a sweat. 

Let TestTrack Studio 2008 do the heavy lifting-Be a superhero! 



Seapine Software 



Download your fully functional evaluation 
software now from www.seapine.com/tts08 
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iTKO Stepping Up to 'ALM 2.0' 



Positions LISA testing tool as next phase of visualization 

BY DAVID WORTHINGTON The latest application: letting ronment, a new solution from constructed synthetically from 

Virtualization continues its dev teams work in parallel. iTKO. WSDL models or are modeled 

inexorable march into the soft- That's what's being offered According to the company, after existing services and other 

ware development department. by LISA Virtual Service Envi- LISA VSE virtual services are underlying services such as 




databases, enterprise service 
buses or Java objects. Virtual 
endpoints define virtual loca- 
tions for services that need to 
be invoked. 

Aside from lowering the 
number of test beds, reducing 
licensing costs and contention 
on hardware, iTKO says that 
the LISA VSE lets teams vali- 
date SOA implementations 
across heterogeneous technolo- 
gies as opposed to developing a 
selected service or middleware 
layer in isolation. 

iTKO coined the term ser- 
vice-oriented virtualization at a 
mid-November conference at 
which it offered the strategy 
behind the release of LISA ver- 
sion 3.6 in October. LISA is 
iTKO's SOA testing framework. 

'WAVE TO FOLLOW 

A virtualized services environ- 
ment is a "big thing" and virtu- 
alization is the "wave to follow," 
remarked Theresa Lanowitz, 
founder of analyst firm Voke. 
"What you see is most people 
are talking about virtualization 
from [the] point of view [of] 
data center and server consoli- 
dation... saving energy, re- 
sources, space, etc. What iTKO 
is doing is a unique offering that 
takes it a step further. The 
virtualized service environment 
will allow decoupling of devel- 
opment and testing teams 
from dependency on deployed 
services." 

Lanowitz added that accura- 
cy is key. "iTKO is doing heavy 
lifting around services. With 
LISA you can do introspection 
on characteristics [of the ser- 
vice's behavior] — not just play- 
back. It's real in how you test 
against services." 

Chris Kraus, product manag- 
er at iTKO, said that more pro- 
tocols will be supported with 
each new version of VSE to dri- 
ve toward interoperability with- 
in the test bed. He added that 
future releases of LISA would 
tie into the governance life cycle 
and have further automation of 
modeling and testing, to facili- 
tate provisioning the environ- 
ment around the application. 

Lanowitz predicted that vir- 
tualization will continue to 
move up the stack in testing. 
"The cost and time savings are 
immediate; this is a new para- 
digm for development and test- 
ing," she said. "We are seeing 
the early effects of virtualiza- 
tion in the application life cycle. 
It will be a huge part in the next 
24 months. Call it Application 
Life Cycle 2.0." I 



Innovations by InterSystems 



Embed the ability to scale. 




For software developers seeking competitive advantages, InterSystems Cache® makes applications more 
valuable by increasing their speed and scalability, while decreasing hardware and administration require- 
ments. This is the fastest database engine you can put in your applications, and it's the only database that 
gives you the combined benefits of object and relational technologies. Thanks to its innovative architec- 
ture, Cache spares Java and .NET programmers a lot of tedious work by eliminating the need for object- 
relational mapping. Cache is available for Unix, Linux, Windows, Mac OS X, and 
OpenVMS - and it supports MultiValue development. Cache is deployed on more than 
100,000 systems worldwide, ranging from two to over 50,000 users. Embed our inno- 
vations, enrich your applications. 
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Compuware's Single Face for Developers 



Uniface 9.2 APS offers way to bridge mobile, enterprise worlds 



BY DAVID WORTHINGTON 

Todays business users want data 
access anywhere at any time. 
Consequently the onus has fall- 
en on enterprise developers to 
target multiple channels from 
the desktop to mobile devices 
and Web services. Compuware 
believes that it has a solution to 
make that task less burdensome 
by reducing a programmer's 
need for platform-specific 
knowledge. 

ONE ENVIRONMENT 

Last month, Compuware 
announced the immediate 
availability of Uniface 9.2. The 
Uniface Application Platform 
Suite (APS) provides a single 
environment for application 
development, business process 
management, integration and 
user interface creation. 

The APS is composed of 
Uniface Flow, for process mod- 
eling and design; Uniface JTi 
(Java Thin-client Interface), for 
deploying network applications; 
Uniface View, a portal develop- 
ment framework; and the Uni- 
face Web Application Server. 

Uniface 9.2 includes new 
mobile functionality to support 
Microsoft Windows Mobile and 
wireless connectivity. Further 
improvements are support for 
Web services standards such as 
SOAP, WSDL and XML 
Schema, and a mashup maker 
for building composite applica- 
tions. It is WS-I -compliant. 

Uniface product manager 
Ton Blanker noted that Flow has 
been scaled upward to support 
more simultaneous users and 
has an updated look-and-feel. 

Various versions of Uniface s 
high-level Proc language target 
different platforms to keep the 
programmer within the bound- 
aries of a particular platform, 
said Blanker. Uniface assembles 
the software infrastructure while 
the programmer writes the logic. 

The Uniface platform sup- 
ports the Adobe Flex, IBM 
iSeries, Linux and Microsoft 
Windows execution environ- 
ments, and on the data side, 
IBM DB2, Microsoft SQL Serv- 
er and Oracle Database. The 
Proc language helps developers 
to deploy applications without 
drilling down into the respective 
APIs of the target platform. 

Blanker explained that there 
is a difference in how Uniface s 
runtimes execute Proc code in 



client environments versus 
Web services setups. The data 
and operations of services are 
defined with the Uniface appli- 
cation model. Events are tied to 



the modeling environment to 
trigger operations at the pre- 
sentation layer. 

"The world of mobility and 
enterprise applications has been 



almost completely separated, 
but these areas are beginning to 
converge at the architectural, 
application development (AD) 
and user interaction levels," 



wrote Gartner research vice 
president William Clark in a 
blog earlier this year. "Mobile 
applications pose a unique set of 
challenges... and these must be 
considered along with Web- 
centric AD strategies so IT can 
choose architectures that match 
user requirements, device capa- 
bility and network availability." I 




Faster, More Interactive Charts for .NET Applications 

New Interactive AJAX Features and High -Performance Rendering Engine 
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Former ActiveGrid Makes Waves With App Studio 

Framework update launches with new name and new Web development tools suite 



BY ALEX HANDY 

In an effort to shift the tides of 
fortune, ActiveGrid announced 
late last month that it would be 



changing its name to Wave Mak- 
er. The company unveiled ver- 
sion 3.0 of its newly renamed 
WaveMaker Rapid Deployment 



Framework the same day, joined 
by a new product, WaveMaker 
Visual Assembly Studio 3.0. 
The company's flagship 



deployment framework has 
been refreshed from version 
2.5 with the addition of hooks 
for existing identity manage- 
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Now Adding Advanced Editor and SpellCheck Controls, and Mare! 
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ment systems and a new path to 
deployment that runs through 
Visual Assembly Studio. 

That studio is a Web-based 
AJAX and Web development 
suite billed as "PowerBuilder 
for the Web." Developers can 
put together applications from 
existing code snippets included 
with it. Visual Assembly Studio 
is based on software that the 
former ActiveGrid acquired 
when it purchased TurboAjax 
Group in September. 

"Developers want easy-to- 
use, data-driven, visual tools 
that can build scalable Web 
applications that meet CIO 
requirements," said Christo- 
pher Keene, CEO of Wave- 
Maker, in a statement announc- 
ing the products. "We created 
Wave Maker's new flagship 
product line to simplify the 
development process, acceler- 
ate assembly and deployment 
time, and dramatically improve 
business productivity — all di- 
rectly impacting an enterprise's 
bottom line." 

The Visual Assembly Studio 
is now the preferred method 
for preparing applications for 
deployment across grids, 
claimed Rick Saletta, Wave- 
Maker's director of marketing 
and product management. Stu- 
dio also includes close integra- 
tions with and support for the 
Dojo AJAX framework. 

Both WaveMaker Visual 
Assembly Studio 3.0 and Wave- 
Maker Rapid Deployment 
Framework 3.0 were slated to 
become available on Dec. 14. 
The studio is available as a free 
download, and a beta version 
is currently available at www 
.wavemaker.com. Full installa- 
tions of WaveMaker Rapid 
Deployment Framework start at 
around US$25,000. 1 
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Spring 2.5 Arrives for Winter 

Renamed support company backs annotation configuration 



BY ALEX HANDY 

Spring arrived on Nov. 19, just 
in time for winter. 

This seasonal 2.5 update to 
the popular enterprise Java 
application framework brings 
annotations into the forefront 
of configuration. Behind the 
framework, its parent company 
has rebranded itself: On the 
same date, Interface21 became 
SpringSource. 

Johnson, the creator of the 
Spring framework and CEO and 
founder of the now-renamed 



SpringSource, said that the 
changes in Spring 2.5 allow for 
more flexibility of configuration. 
"Spring traditionally has 
focused on allowing users to 
configure their code through 
externalizing configuration in 
XML files. This means you can 
change the configuration of 
your application without recom- 
pilation," said Johnson. That 
was fine back in the days of Java 
1.4, said Johnson, but with the 
release of Java 1.5, annotations 
popped onto the scene. "There 



are times when configuration 
doesn't change so often, where 
it's appropriate to place the con- 
figuration along with the code." 

For these types of situations, 
Spring 2.5 allows users to simply 
include the configuration infor- 
mation in the code through 
annotations. 

This gives Spring 2.5 users 
"the ability to mix and match 
configurations from different 
sources: some in XML files, 
some in source level annota- 
tions. The Spring container will 



merge all those sources of con- 
figuration. Spring will automat- 
ically scan your class path and 
analyze classes to find annota- 
tions of interest," said Johnson. 
Johnson pointed out that 
Spring 2.5 is still compatible 
with all previous versions of the 
framework. It requires Java 1.4 
or higher, and with the release 
of 2.5, is available as OSGi bun- 
dles. That means an application 
can be updated to Spring 2.5 
without any downtime at all, 
provided OSGi is in the applica- 




Users can now mix and match 
configurations from different 
sources, says CEO Rod Johnson. 

tion server being used. 

SpringSource offers classes, 
support and consulting services 
for Spring developers. The new 
name is accompanied by a new 
URL as well: www.springsource 
.com. I 




Magnetic Drum 
Storage Device, 
circa 1951 

ERA 

Magnetic drum storage 
units were some of the first 
randomly accessible types 
of memory. These formed 
the mainstay of RAM in 
some of the cheaper com- 
puters of the 1950s, such 
as the IBM 650, until mag- 
netic core memory was 
developed. 




OF CABLES, GEARS AND DRUMS 

The 10th annual Vintage Com- Nov. 3-4. Machines from the puting industry. Here are some 

puter Festival was held at the 1950s through 2007 were on of the highlights that were 

Computer History Museum display, giving visitors a view on display at the event and at 

in Mountain View, Calif., on into the early days of the com- the museum. 
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GPS Analog Computer, circa 1950 
GPS Instrument Company 

This analog computer could be expanded through the addition of 
new components, which would be plugged into one another behind 
and in front of this complex panel. The machine essentially was a 
complex modular calculator that could add operations and func- 
tions with the plugging in of a cable and the turning of a knob. 








Grundy Business Systems 

When the BBC put out a call for British technology 

companies to design a marketable home computer, IfHflfiflDBBIISQBIIH 
Grundy Business Systems responded with this small IBIBBlSiDDBBB 
machine. It is arguably one of the first laptop-like QOfliWBOIOBIBD 

machines, other examples of which arrived that same flBBfl ■ ■■ ■■ ■ 1 
year. When the BBC rejected the Grundy design, flflflfl^^BIOBtB 




around 500 or so of the machines were manufac- 
tured independently under the name NewBrain. Defining this and other devices released the sar 
year as the first true laptops makes 2007 the 25th anniversary of the portable computer. 


ne 



Differential Analyzer, circa 2007 

Tim Robinson, www.meccano.us 

Every year at the Vintage Computer Festival, Tim Robinson builds a 
new gears-and-numbers creation from the British version of an 
Erector Set. This year, he built a differential analyzer, and the 
device was clicking away madly as it automatically drew out the 
results of differential eguations on this pad of paper. William Thom- 
son originally laid out the principle behind this device in 1876, 
though he was never able to build it. It wasn't until 1930 that Van- 
nevar Bush was able to build the device at MIT. Now, Robinson con- 
structs variations on the design to entertain at technology events. 







One of the biggest draws at the 
Vintage Computer Festival is the 
marketplace room, where old 
eguipment and software can be 
purchased for garage sale prices. 
But no one seemed interested 
in purchasing these two copies of 
SCO OpenServer, which sat un- 
touched next to these typewriters. 
Both technologies are now rele- 
gated to the scrap heap of history. 



Business Objects 
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DEFY THE LAWS OF REPORTING, 



Add nw levd 5 of decision support, stunning visualization 
and nch interactivity to your applicafions. Discover the 
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viewing experience and a free runtime for unlimited 
Internsl report engine deployment. 

Add Crystal Reports to your development tool kit and.. 

1 Enable What- If analysis with Xcefsius components, 
right on your reports (as shown). 

* Guide report exploration with on- report sorting, 
filtering and reformatting without re- hitting your 
database. 

* Embed Flash files for stunning visualizations and 
powerful- decision support 







Explore the new laws of reporting from Crystal Reports. 
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Is your .NET server 
farm at its peak? 

Today's architects and developers 
have discovered distributed 
caching ... have you joined them? 

ScaleOut StateServer gives your 
applications a big performance 
boost while safeguarding your data 
We take care of all the details, 
making it easy to harness the 
power and scalability of distributed 
caching. 

Let our next generation technology 
help put you on Ihe path to 
success, 

ScaleOut 
StateServer 3 



Distributed Caching 
for .NET Servar 
Farms 
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WS02 ESB Goes 
With the Workflow 

Ability to schedule jobs is new to bus 



BY DAVID WORTHINGTON 

WS02, a company that produces open 
source middleware for Web services, has 
added job scheduling capabilities to its 
enterprise service bus with the aim of 
helping it work proactively for business 
users. 

Version 1.5 of the WS02 enterprise 
service bus (ESB) shipped in mid- 
November. It is based upon the Apache 
Synapse 1.1 ESB; however, the company 
adds a graphical user interface and a ser- 
vice registry with repository. 

The update addresses caching, per- 
formance and message augmentation, 
and supports new data targets, file sys- 
tems and the XQuery language. It also 
includes the Quartz Job Scheduling 
Framework. 

Paul Fremantle, vice president of 
technical sales at WS02, said that the 
ability to initiate activities at specified 
intervals, instead of reacting to work, 
was key to the release. Quartz is used to 
schedule jobs that drive workflows, facil- 
itate reporting and perform system 
maintenance. 

Reworked service caching enables 
the ESB to cache responses from ser- 
vices and reply to further requests of the 
same type, increasing scalability and 
protecting against throttling or denial- 
of-service attacks. Logging and tracing 
have been overhauled to support ser- 
vice-level logs and track particular medi- 
ation paths. 

In this release, messages may be aug- 



mented with information from a data- 
base, and conversely, may update fields 
within a database based on service inter- 
actions. This behavior is made possible 
by the addition of DB Report and 
DB Lookup mediators. 

Fremantle explained that message 
augmentation is useful, for example, to 
look up a customers order number as a 
message comes in, and then add an 
internal order identifier into the mes- 
sage. "This capability is very important 
in enabling an existing system to be 
exposed to partners without exposing 
the full internal details of that system," 
he said. 

A file system adapter based on the 
Apache Jakarta Commons VFS project 
provides a single API for accessing dif- 
ferent file systems, including local, 
HTTP, WebDAV and FTP sites. 

Moreover, messages may now be split 
and exaggerated together. Splitting mes- 
sages makes it possible to process com- 
posite or large messages in parallel 
whether it is for aggregation, batch pro- 
cessing or message transformation. 

"This can be an important bridge 
between batch systems and real-time 
systems," Fremantle noted. 

The ESB's new command pattern for 
Plain Old Java Objects makes it possible 
to write message mediators that distin- 
guish logic from the message format. 
Developers can use XQuery to manipu- 
late data from XML messages passing 
through the ESB. I 



CENZIC MAKES TESTING CONTINUOUS 

Teams with VMware to create virtual risk assessment 



BY JEFF FEINMAN 

Cenzic has jumped on the visualiza- 
tion bandwagon by teaming up with 
VMware in the latest version of Cenzic 
Hailstorm Application Risk Controller 
(ARC). 

Cenzic Hailstorm ARC 5.5, which 
was expected to be released on Dec. 
10, has integration capabilities with the 
EMC subsidiary's VMware Lab Man- 
ager and VMware Virtualization 
Center, which offer what Cenzic calls 
the ability to continuously test produc- 
tion applications in a virtual environ- 
ment without the risk of disrupting the 
environment. 

Users can see virtualized machines in 
the Hailstorm ARC interface with appli- 
cations sitting on them, company offi- 
cials said. Cenzic claims that more than 
400 new application vulnerabilities 
appear each month. 



The virtual machines can use attacks 
from Hailstorm ARC to run tests and 
report results into Hailstorm's dash- 
board. 

"In enterprises today, companies 
typically virtualize applications during 
the QA stage and put them into pro- 
duction, while other companies take 
snapshots of the production applica- 
tion," said Mandeep Khera, vice presi- 
dent of marketing for Cenzic. "Our 
integration allows users to continuous- 
ly test applications that have been pre- 
viously virtualized, or use VMware to 
take a snapshot of the application, put 
it on a virtual machine, and then test 
that with Hailstorm." 

Khera said that Cenzic chose to inte- 
grate with VMware because of its large 
installed base, including what VMware 
claims to be every one of the Fortune 
100 companies. I 
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BigLever Ratchets Up Gears Framework 



BY JEFF FEINMAN 

BigLever Software has brought 
out version 5.4 of Gears, adding 
APIs for integrating develop- 
ment tools to its automatic prod- 
uct configuration tool. 

Gears 5.4, released in late 
November, offers extended 
framework APIs for integrating 
development tools that use inter- 
nal data models and databases. 
Gears employs the production 
line approach with a customers 
software portfolio, using feature 
profiles and blocks of software in 
a fashion similar to the way an 
automobile factory can build 
numerous variations on a design. 

The release also has an ex- 
pansion of built-in text transfor- 
mations to ease migration from 
source code used in legacy soft- 
ware assets and programming 
language-specific block con- 
structs to enable conversion of 
ad hoc source code block con- 
ventions into Gears variation 
points. 

"If you think of runtime 
blocks, where you might have 
configuration files that have cer- 

Curl Tangles 
With Services 

BY JEFF FEINMAN 

Rich Internet application plat- 
form provider Curl in early 
November released a public 
beta of Curl RIA platform ver- 
sion 6.0, which brings a number 
of new design features and 
methods for creating mashups. 

This release comes with 
expanded user interface capabil- 
ities, and supports JavaScript 
and Curl's own APIs for build- 
ing new enterprise mashups. 
One new feature is a "skinning 
package" that provides a prede- 
fined style sheet, custom images 
and gradients. 

The new version provides 
access to features such as alpha 
blending for transparency, with 
advanced rendering APIs. To 
build mashups, Curl applications 
can make calls to JavaScript APIs 
in a Web page and can be con- 
trolled in the page. According to 
Erica Dennett, a spokeswoman 
for Curl, this feature, along with 
the ability to parse and create 
data streams in JavaScript Object 
Notation, or JSON, makes it easy 
to create applications that mix 
Curl with generally available 
Internet services. I 



tain settings, and then your 
source code has blocks being 
controlled in ad hoc ways, what 
we're doing is providing these 
language-specific blocks to 
replace runtime conditionals," 



said Charles Krueger, CEO of 
BigLever, speaking of the block 
constructs. 

The framework provided by 
Gears allows the software pro- 
duction line to flow smoothly by 



eliminating silos that might 
occur if companies were to 
employ product line methods at 
individual stages of the life cycle, 
Krueger said. 

"As organizations mature in 



their understanding of software 
product line engineering, the 
issue of an integrated life cycle 
becomes increasingly impor- 
tant," he said. "The product line 
problem cannot be solved at any 
one stage. To be effective, a soft- 
ware product line approach 
must harmonize the entire life 
cycle end-to-end." I 




RadControls 



FORASP.NET 
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• Super-light navigation controls with semantic rendering 

• Effortless application skinning, Office 2007 themes included 

• Hundreds of examples and videos, 580-page self-paced tutorial 

• Widest cross-browser compatibility on PC and Mac 

• Full integration with Microsoft SharePoint 2007 (MOSS) 

• Industry-leading technical support 
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HP Busy With Business Service 



BY JEFF FEINMAN 

Hewlett-Packard is mixing to- 
gether business service manage- 
ment and IT service manage- 
ment into one integrated suite. 
HP last month announced 



Automated Operations 1.0, a 
suite of tools intended to help 
transform IT operations by 
automating the life cycle of man- 
aging business services. Auto- 
mated Operations 1.0 is part of 



HP's Business Technology Opti- 
mization (BTO) portfolio, which 
is filled by HP Project and Port- 
folio Management in the "strate- 
gy" category, HP Quality Center 
as part of "applications," and the 



"operations" part of BTO. The 
latter consists of HP's Business 
Service Management, IT Service 
Management and Business Ser- 
vice Automation products, which 
cover both client automation and 




data center automation. 

According to HP, the new 
Automated Operations 1.0 suite 
brings those three categories 
together, and helps IT organiza- 
tions dramatically lower day-to- 
day costs of operations by 
automating operational func- 
tions and IT processes across 
the service management life 
cycle. The suite's purpose is to 
assist in every technology 
domain, said Sharmila Shahani, 
chief marketing officer of BTO 
products. "We are addressing 
the management of everything 
from servers, network devices, 
storage [and] the application, as 
well as the underlying software 
infrastructure across physical 
and virtual domains." 

LINING UP THE PIECES 

HP's new Business Service 
Automation software allows 
organizations to automate opera- 
tions across applications and 
servers. Products in the BSA 
lineup that are now available 
include Server Automation 7.0, 
Network Automation 7.0, Oper- 
ations Orchestration 7.0, Service 
Automation Visualizer 7.0, Ser- 
vice Automation Reporter 7.0, 
Live Network 7.0 and Applica- 
tion Storage Automation 1.0, 
which is bundled with Storage 
Essentials 6.0 to form HP's new 
Storage Automation offering. 

HP's client automation and 
data center automation pack- 
ages, which make up HP Busi- 
ness Service Automation, are 
now integrated at the process 
level with a product called Oper- 
ations Orchestration, which was 
acquired in HP's September 
purchase of Opsware. Opera- 
tions Orchestration integrates 
different products so the busi- 
ness service life cycle can be 
managed in a coordinated fash- 
ion, according to Shahani. They 
are also integrated at the config- 
uration management database 
(CMDB) level, with HP Univer- 
sal CMDB serving as the central 
point that integrates all data and 
operations activities. 

The company has also up- 
dated several tools within the 
IT Service Management offer- 
ing, including Service Manager 
7.0 and Decision Center 2.0. 
Service Manager, which en- 
ables automated service life 
cycle management for business 
services, has accelerated prob- 
lem detection capabilities with 
integrations to Quality Center 
and Universal CMDB. HP will 
also offer Service Manager 7.0 
as a service, as part of a strategy 
announced in October. I 
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Intersoft Gets Sirius With Silverlight 



BY DAVID WORTHINGTON 

If you thought Silverlight 1.0 
was only good for eye candy, 
think again. Intersoft Solutions 
is using it to create commercial 
interface components. 

Intersoft Sirius is the code 
name for an upcoming suite of 
Web user interface components 
built upon Silverlight 1.0 tech- 
nology. Sirius provides the same 
server-side object model as 
Intersoft s WebUI.NET; compo- 
nents are consumed in the same 
manner as its other products. 

Developers may use both 
Visual Studio 2005 and 2008 to 
define the control, and may also 
customize its Extensible Appli- 
cation Markup Language 
(XAML). Intersoft CTO Andry 
Handoko explained that custom 

LOGIXML REPORTS 
IT WILL DO JAVA 

BY DAVID WORTHINGTON 

When LogiXML chose to opti- 
mize its reporting software for 
the .NET platform, it effective- 
ly raised a barrier to its adop- 
tion, since Java EE permeates 
the enterprise. However, that 
obstacle is no more. 

The company made a Java 
version of Logi Report available 
on its FreeReporting.com Web 
site in November. The release 
supports Java Web servers, such 
as Apache's Tomcat, BE As 
WebLogic, IBM's WebSphere 
and Red Hat's JBoss, running 
on Linux. 

Logi Report for Java provides 
connectivity for any JDBC -com- 
pliant database, according to the 
company. Java Runtime Envi- 
ronment versions 1.4 through 
1.6 are also supported. 

Logi Report helps develop- 
ers create and publish Web- 
based business reports. The 
software provides AJAX-pow- 
ered charting, crosstabs, data 
grouping, grill-down and drill- 
through, and sorting and paging 
capabilities. Data is stored as 
XML files, making Logi Report 
browser-agnostic. 

"[Logi Report for Java] opens 
up the other half of the universe 
to Logi. Developers can do 
whatever they prefer from an 
integration standpoint," said 
LogiXML CEO and founder 
Arman Eshraghi. 

The final version will ship 
during the LogiNexus 2008 user 
conference, which takes place 
Jan. 13-16, Eshraghi said. I 



XAML is automatically detect- 
ed by the control at runtime 
and applied to produce custom 
animation effects. 

"There are two ways to 
apply your custom XAML. 
First, via the XAML property 



provided in the control: With 
the XAML property, you can 
simply paste your XAML 
markup string into the proper- 
ty. Second, via the XAMLUrl 
property: With XAMLUrl, you 
can specify the XAML file path 



where the control should look 
at the runtime," he said. 

A Sirius preview available 
now features a control called 
FishEye Dock, which is a navi- 
gation control that produces an 
effect reminiscent of the Dock 



in Mac OS X. 

Sirius will be integrated with 
the company's flagship Web- 
Desktop. NET component. It 
will be made generally available 
in early 2008, according to the 
company. I 



Meet the Future. On Schedule 

Introducing the next generation scheduling component for ASP.NET 
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Visit Atalasoft.com for a free trial download. 

Atalasoft, Your .NET Imaging Partner 
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LoadRunner Leads Pack 
At Testers Choice Awards 



BY DAVID WORTHINGTON 

It was a new year but a familiar name 
when Software Test & Performance 
magazine s 2007 Testers Choice Awards 
were presented at the Soft- 
ware Test and Performance 
Conference in Reston, Va., 
in early November. Mercury 
Interactive, now a part of 
Hewlett-Packard, remained 
ascendant. 

HP LoadRunner was cited by a pre- 
ponderance of the magazine's sub- 
scribers as the best testing tool in the 




industry. LoadRunner received top 
honors in the data testing and perfor- 
mance, load and performance testing, 
SOA and Web services testing, and 
.NET and Java test and per- 
formance categories. The 
other testing tools receiving 
the most accolades were HP 
QuickTest Professional and 
TestDirector for Quality 
Center. QuickTest was last year's Grand 
Prize winner. Software Test & Perfor- 
mance is published by BZ Media, which 
also publishes SD Times. I 



GRAND PRIZE WINNER 

HP LoadRunner 

Data Test/Performance 

HP LoadRunner WINNER 

Compuware File-AID/CS RUNNER-UP 

Intel VTune Performance RUNNER-UP 
Analyzer 



Functional Test 

HP QuickTest Professional 

Parasoft SOAtest 
Compuware Optimal 
Quality Management 



WINNER 

RUNNER-UP 
RUNNER-UP 



Static/Dynamic Code Analysis 

WINNER 

RUNNER-UP 



IBM Rational PurifyPlus 

Compuware DevPartner 

Studio 
Parasoft Jtest 



RUNNER-UP 



Test/QA Management 
HP TestDirector for 
Quality Center 

Borland SilkCentral 

Test Manager 
VMware Lab Manager 



WINNER 

RUNNER-UP 
RUNNER-UP 



Defect/Issue Management 

HP TestDirector for WINNER 

Quality Center 

Mozilla Bugzilla WINNER 

Seapine TestTrack Pro RUNNER-UP 

Load/Performance Test 

HP LoadRunner WINNER 

IBM Rational Performance RUNNER-UP 

Tester 

Borland SilkPerformer RUNNER-UP 

SOA/Web Services Test 

HP LoadRunner WINNER 

Empirix e-TEST Suite RUNNER-UP 

IBM Rational Performance RUNNER-UP 
Tester for SOA Quality 



Security Test 

SPI Dynamics Weblnspect 

Watchfire AppScan 
Cenzic Hailstorm 
Enterprise ARC 



WINNER 

RUNNER-UP 
RUNNER-UP 



Test Automation 




HP QuickTest Professional 


WINNER 


Borland SilkCentral 


RUNNER-UP 


Test Manager 




CollabNet CUBiT 


RUNNER-UP 



Embedded/Mobile Test/Performance 

IBM Rational Test Realtime WINNER 

Eclipse Device Software RUNNER-UP 

Development Platform 

Wind River Workbench RUNNER-UP 

SCM/Build Management 

Microsoft Visual SourceSafe WINNER 

Subversion RUNNER-UP 

IBM Rational ClearCase RUNNER-UP 

•NET Test/Performance 

HP LoadRunner WINNER 

Microsoft Visual Studio RUNNER-UP 

Team System 

Parasoft TEST RUNNER-UP 

Java Test/Performance 

HP LoadRunner WINNER 

JUnit RUNNER-UP 

Parasoft Jtest RUNNER-UP 

Integrated Test/Performance Suite 
HP Performance Center WINNER 

Empirix e-TEST Suite RUNNER-UP 

Compuware Optimal RUNNER-UP 



Commercial Test/Performance 


Under $500/Seat 




Tech Excel DevTest 


WINNER 


Pragmatic Software 


RUNNER-UP 


Planner Professional 




Mindreef SOAPscope 


RUNNER-UP 


Free Test/Performance 


i 


Mozilla Bugzilla 


WINNER 


JUnit 


RUNNER-UP 


Eclipse Test & Performance 


RUNNER-UP 


Tools Platform 





Best Solution From a New Player 

Fortify Defender WINNER 

dynaTrace Diagnostics RUNNER-UP 

Veracode SecurityReview RUNNER-UP 
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Web Apps Quickly — with Virtually No Code. 




m- 



7> 



cr 






?2 

3^ 






a 



V 

3 



=1 



Highlights 



Ribbontor.NET 

Pelivv?- hot=i Ribbon and Status Bar functionality with 
bulk-In Office 2007 blue, black and silver styles including 
Vista Aerti support 

Create flexible and interactive modal and models, 
dialog wlridtiW5 for neKL-gene*atlGn Web application 
development 



Schedule and Calendar Controls fof .NET and ASP.NET 
Display Outiook-stylc appointments In day, wesk, work 
week, or monthly views 

Office 2007 Visual Styles 

Included In True DRGrid Fo* .NET, RewGrid for .NET, List for 
.NET r Input Fof .NEX Menus and Toolbars fbr .NET, and 
Ribbon fo* .MET 



3 



Component One* 



Lis 



Studio Enterprise >oo7 



The Most Comprehensive Suite of Visual Compor 

i ■:." 2CuJGatap™riH5hftii£ WTrioJ :l ifcfcfiBd W pTotfuct •■ j -■__ 21:0 ■ •■ il-:I I:-. ■!■: i Oijibd .-.■ .:-v"vi: 



freeteial @ wwwxqmponentone.com/enterprise 



nts Available Anywhere 



fqpj) ComponentOne 

^fpF . elop-rnent- Accelerated. 



Enable Your Web 2.0 Enterprise 



& 








>• .1 > ,% ■ , 


II ^™" n,+ " 


q fana 1 h W In ■■■■■ 


,™ 


— u i 


ST**. 


,— _- M ci** 




,— k*.- 


G 


- 


r^M 4 V illLH 




. U k4 . 


L: K 1 — W. 



Fik |dfr View WiSstrtt 9uJd Debw^ formal L^qu* loc?t Wrfidcw CoHirTYjrvty Help 
jl^-ijyi 11 ^lifi ► DEfrug * MET 

^|| m / u A ^ IM* 1 E Elt 




. •- 


L*4 


™" 















▲ Drag & d-nop grid elements within 
the Visual Studio 2005 design surface. 



Integrated 

< Chart FX 
technology 



•u. Or J ■ -.." L? * Ml * 




for instant 
data analysis. 



n ■ 



v n- 

' I ' 



il.i 'irr J id I 



5 (andjinJ 

Mi 

■-■ilHjTior. 

Loom 

HTML 

ij: Poinfl.ir 

^ Vefb-Ljltflugc 
f- Hcri:DrtfllCHug« 
. _ Pj JialGjugt 

- Grid h>: 

ftj Rainier 
jj firid 






defjulLaipK 



▼ Powerful ternplating capabilities. 



- G*<^*al 



* 



i Me Aijerll Idling 



&MTin 



rr 



MX&my juun 



pn fffwu '^-i m a'l *- rf- ^- i ■ ■ ■ *+fmm F" h-J 



rt ■Ah'+MLI tMphlMrtllH 



iiirbfcMLII 

4 . i ILl la 

• iHr M 



Enhanced Smart Tag Wizard provides 
moit features to limit the need to 
access code or the properties grid, ▼ 










CE^^^^^B^ 


lariiEwl 


■ IK 












1, 


P 


™ — 


3 






i ., _ 


J 






El 


n» 


- 


— 1 



Millennium Real Estate 
Property EMitrae 







FiirrS. r< (n ,l ncctiprvi n^l^frj n| 

deirfd _ks« «rnct«d icji^kti* 



tf£ 




jECo3ff*H 




it a; i 5a 



I Kit 



JHTW1 L-v 



IFDtS 

EsicT 



PH>J*IUlT* frtdulll 




owmf. Grappa, teriiiffisntw-'anis. Tut 
KLtKim mcfcjdid n pnet* rT-Urt w 

10*^ t*Y»vp1 JiJ HW hlchin lift 1 v 
riorms ilwd nd li# Itmt C jn*T<-*z 

ra-frci-'-Htg dm! Urpc ^nch»$l ton 
— i «iduded fi pncei rl dearE 



hMn Pw-ij^i 



tnDElEd lCTJ!f !li<j 



Projwtytiundi 
tajiza sw 9Kiit PUfit 

CmtM IrilHTiLiihfn^ 



::■•■. 



Ni-I- ■; 

fw ngrii ieii.niE 



:' = : 



y.:> 



i. 



rrnf 



iS«£ 2f 



^h- Pfopwr^ '. r iijfl 



I 



. « ^» Hp , 









I 



■ j-- 



^nct* MMi^H ||- Ll^lil 



I 



■ »■■■ I 1 -1-.^ 



ilbiiitHMim i uru. 



hpHI li ■ UMM-IPI 




Cljart 

Brought to you by the makers of ^K# ■ ^* 



COM i .NET- JAVA - tT|SQL 
CHARTING SOLUTIONS 



f ~/X? Sctt*a«^X *ll r^ti i«e*^w1 Chirt IX jno^i^PK di-r r^hlr-cd ti&dFm-T^ of W^.-.jir I >:. Itc, a|| mh^rSiunds irEovwdbf 1h«i Tspcciii«;ofMTcn 



♦ Specifically designed for Visual Studio 2005 and ASP.NET 2.0 

♦ Revolutionary design-time experience for complete e«e of use. 

♦ Unprecedented control for the end-user at run-time. 

♦ Dynamic aesthetic features, for data presentation and analysis, 

♦ The most innovative functionality of any grid ever developed! 






- ^^zSx'ffla-* 



* 
i— — 



ii 



ili.iiiiiiil 

— — ^iiiijiimiii 



-w k I Praprtfntt 



£ 




F»W ED ******* bwctitittvli 



Hull* 






Lire and 



., 







1 LiiflC 
■ 2 :i :1 



■-C: 



-Itiic-rJ 

na-3 SffT3 









J 'J 

* It i --i 



■5£j 



*3T3. 



PrtetTffi 



Yflnr 



LdH-BwiltiTD 



ftcnirfi 



Piiil I jynK 



WhiTllhiL 



Chooit Chfti: Cita 



"Ll 



cSrifiM 



J 



■ UPi SfpintfgitiSBUicr Cart «flJ 
Gh-3-Di* 1 Ihii -jptic-" If jw wA tc 
LiinTig-urt ^ ou ■ dun Ei1» j;iric a 

HpiTitC (ill J KHPtf IHllflL 




USC Ednas pat&5ajKt 
ChMl* this G-ptlOn IT JGU W*0" to 
[onrigurf roui Chirl £jlA'j-inc 
In* 0fl<J4!idikJfduru. 



5*l*<i DAtpfci^cJ 



[ ■^■ r f** irTnfc i Srtiii' r *■ i 



>dt<U 



rd&Sd1ricj5 



+ OK I O^nrtfJ 



tiliiii 



A,«rpS 



l Mpdnt^ Insert. mdD* 







A AJAX-enabledrun 

time interface provides 

toolbars and setting* 

such 55 motifs. The 

elegant "Ghost Bar" 

provides end users with features such 

^ data copying, grouping, sorting ft 

filtering, hide or show columns, plus 

font selection, size, style & color. 



^ifirESHOPS' 
DrtiMefnbcr 




7 Heidi 





A Card views and master details 




edit during run-time through 
tor modal inputs 



Download a FREE Developer License today 

at www.softwarefx.com 



^FX 



24 



NEWS 



Software Development Times . December 15, 2007 . 



www.sdtimes.com 




H RSSBus 



beyond blogging 

new ways to connect your data 



An ino^Jnrccf fnnjjEwork of tocfc and services Ehot use 
rirnp/E prvtocok sucJi oj RSS und ATOM to deftwer a rich 
set erf 5*rvfces tfjrrjujjia sl/tjctiried infoFmotwn /eeds wft/i 
rich ctaa points 3 enabling sfcrrjafc ]f£l pcawer/uf ways tn 
connect JJserr, app/jbaLion^ und Vfiterrts 




FEED SERVER 



Easily create dtnamic RSS feeds from 
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'Boss' Hogs Limelight 
At DARPA Challenge 



< continued from page 1 

passed, but in general, he had around 10 
developers coding every day, and their 
highest priority was stability Breaking 
the build was strictly taboo. 

"Breaking down the problems into 
smaller problems and then assigning the 
work, and coming up with an architec- 
ture that can solve the problem in an 
elegant way, is a lot of what I worked 
on," Salesky explained. "[Also,] integrat- 
ing all the different pieces: Developers 
would be making a motion planner or a 
behavior algorithm, then taking that, 
testing it and building the system up in a 
logical progress." 

For the most part, the team stuck to 
free tools. "The primary OS was Ubuntu 
6.06; on that we used GCC. Everything 
we did was written in C+ + . We used Val- 
grind for finding memory leaks and oth- 
er errors," and McCabe Software donat- 
ed its IQ source code analysis tools. "It 
helped us focus our energy on where 
problems might be in the system," said 
Salesky. 

The team also used frameworks to 
make life easier, Salesky noted. "We 
used the Boost framework from 
Boost.org. That's just been a really 
invaluable set of libraries. They're really 
well tested and proved to be really 
handy. For mundane things you don't 
want to write yourself, like serialization, 
or taking objects and putting them in a 
bucket of bits to send over the wire, that 
was really handy," he said. 

PROCESS MAKES PERFECT 

All those tools helped to save time, but 
in the end, Salesky pointed to the soft- 
ware developer's oldest and worst neme- 
sis: deadlines. "From a pure software 
engineering standpoint, the biggest 
challenge was integrating all the pieces 
together at such a rapid pace. We had a 
year and a half to take it from concept to 
production. That proved to be a little 



more daunting than what most of us 
thought," said Salesky. 

"The way we tackled a lot of that was 
to have consistent meetings that talked 
about the architecture," he explained. 
"Having a source tree that was well par- 
titioned helped. It's important to carve 
out little boxes for people to work 
inside of." 

In the end, the team found that 
process was the most important part of 
productivity. That's not to say, however, 
that the team adhered to strict rules. 
"A lot of the process we tried to keep 
lightweight," said Salesky. "I have a lot 
of background with really heavyweight 
process, like long-term military pro- 
jects with the weight of the DoD on 
you. I was coming to the academic 
world and trying to apply engineering 
practices to bulletproof the process. I 
learned what parts of the process mat- 
ter and what parts don't. I think I was 
able to streamline it to work on the 
project with this time frame and make 
it more agile." 

He continued, "In the corporate 
world, you'll tend to have a whole bunch 
of developers in a room doing a code 
walkthrough. We just didn't have the 
time, [so we started] doing an offline 
code review: You ask someone to go 
review these three classes and let me 
know your thoughts. But you're still get- 
ting the benefits of the code review. 
Tweaks like that helped to keep some 
process around so it's not kamikaze soft- 
ware writing, but allowed us to still have 
oversight over the things being built." 

That agility in development translat- 
ed into a more agile and capable robot. 
With a US$2 million prize handed over 
to the university, the Tartan team is still 
working furiously to finish its final 
report for DARPA. Salesky s back to 
work with the NREC, with only the 
newspaper clippings to show for his 
work. I 
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CodeGear Steering Own Course for Developers 



< continued from page 3 

things that still need to be 
improved are the team and col- 
laboration parts and bringing 
process into the RAD world." 
That's no small feat in an 



industry where many developers 
still cling to vi and Emacs. But 
Intersimone has a strategy for 
luring the grognards away from 
their command lines. 

'When I look at people using 



programmers' editors, they also 
seem to have several instant 
messaging windows open, and 
they're context switching — alt- 
tabbing — using the desktop as a 
pseudo-environment. We believe 



in the richness of an integrated 
and open environment that gives 
you the best of the command- 
line world and the best of 
the programmers' editor world," 
said Intersimone. He pointed out 
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that CodeGear's Third Rail edi- 
tor for Ruby includes a com- 
mand-line interface. 

Vishy Venugopalan, software 
developer tools analyst at the 451 
Group, said that CodeGear 
needed to escape from Borland 
to be successful. In Venu- 
gopalan's opinion, Borland was 
too concentrated on the low-vol- 
ume, high-value multimillion 
dollar deals to be paying atten- 
tion to the markets CodeGear 
now plays into. With its high-vol- 
ume, low-price IDEs, CodeGear 
wasn't getting the sales and mar- 
keting support it needed from 
Borland, he said. 

Venugopalan recently fin- 
ished a report for the 451 
Group on CodeGear and dis- 
covered that the company is 
heavily dependent on its Delphi 
line of products. 

"Two-thirds of their business 
is still from Delphi. They may 
not be able to make deep 
inroads into Java development 
communities because, funda- 
mentally, they're still compet- 
ing on a feature mindset, where 
Eclipse, and the Java world, has 
moved to a community mind- 
set. But I think they realize it 
too, and that's why they're 
doing tools for PHP and Ruby. 
Tools for these dynamic lan- 
guages are still relatively imma- 
ture," said Venugopalan, who 
sees this as an opportunity for 
the company's future growth. 

NEXT STEP: INTENT? 

The future for Intersimone is 
still feature-based. He sees 
numerous possible avenues 
for developer productivity im- 
provements, and new tricks and 
time-savers usually translate into 
powerful new features. For 
Intersimone, one of the biggest 
potential time savers is metadata. 
"As frameworks solidify 
groups of functionality, what's 
missing is: 'How do we capture 
the intent and the knowledge of 
the person who built the frame- 
work?' You can document it; 
you can embed comments in 
the code; you can put the mod- 
els in with everything. But how 
do you capture the intent? The 
next logical step is for the archi- 
tecture to continue to capture 
the structure and evolution and 
logic behind the developing of 
the application. That kind of 
knowledge in the past has been 
kept in people's brains," said 
Intersimone. I 
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Large Screen or Small, It's 'One Web' 



< continued from page 1 

The broader message of the 
address delivered by Berners- 
Lee at the conference is that 
the growth of the mobile Web 
depends on adherence to the 



open standards — such as 
HTML, HTTP and Cascading 
Style Sheets — that have made 
the wired Web possible. 

"Whether content is deliv- 
ered on a mobile device with a 



2-inch screen or a desktop com- 
puter with a 30-inch screen, 
there is one Web," said Bern- 
ers-Lee, director of the World 
Wide Web Consortium (W3C). 
Without naming Apple, he crit- 



icized the company for its "pro- 
prietary system, which lets you 
download music from only one 
store." The Web is designed to 
be universal, to include any- 
thing and anyone, he said. 
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"People want to choose their 
hardware, their software, their 
content." 

OK FOR MOBILE? 

His talk, titled "Escaping the 
Walled Garden: Growing the 
Mobile Web With Open Stan- 
dards," emphasized the impor- 
tance of ensuring that Web sites 
work well with mobile devices, 
not just laptop and desktop 
computers. It coincided with 
the W3C announcement of the 
mobileOK checker. Available in 
an alpha version (validator 
.w3.org/mobile), the tool lets 
developers and designers test a 
Web page to determine how 
well it's suited for delivery on 
mobile devices. 

Entering the URL www 
.google.com, for example, in 
the mobileOK checker result- 
ed in some positive feedback, 
such as "The markup of the 
page is well-formed and valid," 
and "The page provides 
caching information." But 
problems were noted as well: 
"The page uses a free text 
entry at line 3 column 1460, 
but doesn't specify a default 
input mode for it." 

The mobileOK checker 
runs tests based on the W3C 
best practices for delivering 
Web content to mobile 
devices. Examples include: 
minimizing the number of 
keystrokes users are required 
to enter, offering preselected 
responses, providing caching 
in HTTP responses, and 
avoiding table formats and 
other layouts that mobile 
devices don't render correctly. 
"Many of the best practices 
are in fact good Web design 
principles, so the whole site 
will be easier to use for any- 
one," said Berners-Lee. 

At the conference, Berners- 
Lee also said the Web is mov- 
ing toward a time where users 
are developing an increased 
awareness of public and private 
content. "When they put stuff 
in a public place on the Web, 
they will [realize that's what 
they are doing]." Better ways to 
manage privacy will emerge, 
such as setting policies that let 
content on a social networking 
site expire after a designated 
period of time. That way, when 
kids divulge information about 
themselves, they know that the 
content won't remain there for- 
ever, he said. I 
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Council Establishing Secure Programming Standards 



< continued from page 1 

application faults; be familiar 
with attack scenarios, such as 
eavesdropping, man-in-the-mid- 
dle and passerby attacks; be able 
to write programs that read 
input from interfaces; and prop- 
erly validate and output the 
data. Programmers should be 
familiar with cross-site scripting 
and Scheme Widget Library 
injection. 

Moreover, Java program- 
mers must understand when 
and how to use encryption to 
protect sensitive data, under- 
stand the security implications 
of built-in data types and Java- 
specific memory management, 
and the architecture-level 
issues and coding practices that 
contribute to security. 

MORE INITIATIVES IN WORKS 

Once finalized, following a 60- 
day comment period, the coun- 
cil will publish the essential 
Java skills document for all to 
use. It is undertaking additional 
minimum skills initiatives for C, 
C++, .NET languages, and Perl 
and PHP. 

The push for the exams is a 
joint effort of CERT/CC, SANS 
Institute and several U.S. govern- 
ment agencies, as well as leading 
companies in the U.S, Japan, 
India and Germany. The council 
stresses that programmers' skills 
be combined with an effective 
secure development life cycle. 

The GIAC Secure Software 
Programmer Certification Exam 
for Java will be administered in 
December in London and Wash- 
ington, D.C., and in 15 other 
cities in Europe and the U.S. 
over an eight-month period. 

"I'm glad that they recognize 
that producing secure, quality 
code goes beyond program- 
ming, and that these skills must 
be combined with an effective 
secure development life cycle,' " 
said Rex Black, president of Rex 
Black Consulting Services and 
president of the International 
Software Testing Qualifications 
Board. "I'd like to know when — 
or whether — they intend to start 
certifying development leads, 
test leads, development man- 
agers, test managers, project 
managers and product managers 
in that vital area." 

Black noted, "Programmers 
with secure programming skills 
who work within development 
life cycle processes or organiza- 
tional cultures that devalue or 



ignore security in particular, and 
quality in general, won't make 
much of a difference." 

Stephen Northcutt, president 
of the SANS Technology Insti- 
tute and founder of the GIAC 



certification, responded that the 
council has put in a lot of effort 
to get as far as it has with con- 
sensus, noting that there is no 
single life cycle methodology. He 
disclosed that it is in discussion 



with Chris Webber of Casaba 
Security to create free Webcasts 
and paid training on the 
Microsoft life cycle approach. 

Northcutt said the council 
has two dedicated evangelists 



that are approaching other orga- 
nizations and reaching out to 
software testing companies, 
thought leaders and Web securi- 
ty companies to bring more peo- 
ple on board. I 
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Introducing Time-lapse View, 

a productivity feature of Perforce SCM. 

Time-lapse View lets developers see every edit ever made to a file in a 
dynamic, annotated display. At Hong Ias1, developer? can quickly find answers 
to queslions SLurh asr f Who wrote this code, add when?' and 'Wriul content 
30I changed, and why? r 

Time-lapse VFew features a graphical timetine thai visually recreates the 
evolution of a file, -change by change, in one fluid dispEay. Color gradations 
mark the aging affile contents,, and trie display's timeline con be configured 

to &bow cfionges by revision number^ dale, or change*et number. 

Time-lapse View is |ust one of the many productivity tools that come wilh the 

Perforce SCM System. 



Perforce 

SOFTWARE 



Download a free copy of Perforce, no questions 

asked, from wv/w.perforcccem. Free technical support is 
available throughout your evaluation. 
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MontaVista Refreshes Carrier-Grade Linux 

Update includes SELinux security, new monitoring, debug features 



BY P.J. CONNOLLY 

To those who remember when 
Linux was strictly a hobbyist 
operating system, it's nothing 
short of incredible that, in less 
than a dozen years, it's found 
not only in consumer devices 
such as TiVO but at the most 
demanding levels of reliability 
in so-called "carrier grade" tele- 
com equipment. 

MontaVista Software re- 
freshed its entry in the market, 
announcing MontaVista Linux 
Carrier Grade Edition (CGE) 
5.0 last month. The new release 
is scheduled for availability on 
Dec. 17 for Intel and PowerPC 
platforms, with MIPS support 
due in the first months of 2008. It 
can be used with network equip- 
ment from a list of providers, 
including Alcatel-Lucent, Iskra- 
tel, Motorola and NEC. 

CGE 5.0 is built around the 
Linux 2.6.21 kernel and the 
Carrier Grade Linux 4.0 speci- 
fication, and features a unique 
runtime patching technology 
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The graphical memory display in MontaVista DevRocket 
offers visual references to memory leaks across the 
t system or by specific functions. 



that the company claims allows 
field engineers to apply binary 
patches to an active system 
without requiring reboots or 
other downtime. 

This release is the first carri- 
er-grade operating system to 
include the NSA's Security- 
Enhanced Linux (SELinux), 
according to MontaVista. 
SELinux focuses on role-based 
access control and works on an 
allow-deny basis with any com- 



ponent or object within a sys- 
tem. CGE 5.0 also includes the 
SLIDE integrated security pol- 
icy development and deploy- 
ment system, which plugs into 
MontaVista's DevRocket IDE 
and allows graphical security 
policy configuration. 

As well as the security plug- 
in, the DevRocket IDE re- 
ceives new development and 
debugging components as part 
of the CGE 5.0 release, cover- 



ing memory leak detection and 
usage analysis, performance 
profiling and system tracing. 
Also presented in the IDE is a 
live RSS feed from the compa- 
ny with product updates and 
defect resolutions. 

New in this release too is the 
Flight Recorder, which acts like 
an airplane's "black box" to track 
and log system history and behav- 
ior. Flight Recorder maintains a 
scheduler history that the compa- 



ny says provides more informa- 
tion than a simple crash dump, 
and can be extended for cus- 
tomized tracking and diagnostics. 

The CGE update includes a 
refreshed MontaVista Field- 
Safe Application Debugger, 
designed to make it easier to 
use with live systems without 
halting execution or taking the 
system offline. Live core dumps 
are also possible with CGE 5.0, 
halting an application for a 
small fraction of a second to 
snapshot memory. MontaVista 
claims this can be done with 
pauses of hundreds or even 
tens of milliseconds. 

High-resolution process 
accounting is also available in 
CGE 5.0, allowing engineers to 
monitor and predict CPU loads, 
according to the company. So- 
called "microstate" accounting 
can improve network perfor- 
mance by allowing the design of 
effective load balancing and 
graceful protocol degradation 
schemes. I 



Xilinx Kindles Soft Processor Fire 

New MMU in MicroBlaze 7 allows use of commercial OSes 



BY P.J. CONNOLLY 

Xilinx was on fire in November, 
launching the latest version of 
its MicroBlaze 32-bit software- 
based processor and a new 
FPGA-based accelerator for 
the Intel Front Side Bus, as 
well as updated versions of the 
company's developer tools. 

MicroBlaze 7 features a new 
memory management unit that 
the company claims is the indus- 
try's first configurable MMU to 
enable commercial-grade oper- 
ating system support. Xilinx 
intends the new MMU to sup- 
port both the volume-oriented 
Spartan and the high-perfor- 
mance Virtex lines of FPGAs. 

"Microprocessing is moving 
into FPGAs" to meet the 
requirements for "soft" proces- 
sors, explained Xilinx senior 
product manager Jay Gould. 
"There are certain kinds of per- 
formance advantages and other 
flexibility advantages to moving 
the processing into the FPGA. 
We offer a lot of other options 
rather than just adding another 
processor chip on your board or 
clocking the core faster," he 
added, because those fall victim 



to diminishing returns. 

LynuxWorks was the first 
embedded Linux provider to 
jump on board with Xilinx, 
releasing a MicroBlaze platform 
version of its Blue Cat Linux the 
same day, Nov. 14. LynuxWorks 
vice president of marketing 
Robert Day noted, "What we're 
really trying to do is offer soft- 
ware developers a natural, com- 



fortable platform to develop 
their applications on, even 
though it's running on a config- 
urable hardware platform." 

The new MicroBlaze pro- 
cessor also features new float- 
ing-point unit instructions 
intended to boost FPU perfor- 
mance, and an updated inter- 
connect with the CoreConnect 
processor local bus (PLB) that 



allows the scaling of interfaces 
from 32-bit to 128-bit designs. 
The PLB also allows developers 
to connect with memory con- 
trollers in point-to-point or 
shared topologies, and supports 
full-duplex DMA engines. 

The Xilinx Platform Studio 
was also updated, with new fea- 
tures in the Base System Builder 
wizard to support the multiport 



memory controller, and a new 
clocking wizard. The Eclipse- 
based SDK now offers support 
for remote debug and Xilkernel 
support, allowing developers to 
use memory protection on 
MicroBlaze processors. 

Meanwhile, the company also 
announced its first FSB acceler- 
ator designed for the Intel Xeon 
7300 series of datacenter servers. 
The Accelerated Computing 
Platform Ml is based on the 
company's Virtex-5 FPGA and 
uses an Intel-designed abstrac- 
tion layer. I 



NOVELL'S SUSE RTOS GETS AN OVERHAUL 



BY P.J. CONNOLLY 

Sometimes, what's in a name is 
a road map. Novell brought its 
real-time Linux offering into 
line with the naming of the rest 
of its SUSE Linux family when 
it released SUSE Linux Enter- 
prise Real Time 10 on Nov. 27. 
The second release of the com- 
pany's RTOS offers updates 
that aim to reduce system laten- 
cy and improve predictability. 

Although both the first and 
second releases use the compa- 
ny's SUSE Linux Enterprise 
Server 10 as a foundation, this 
version is more fully integrated 
with the underlying Linux OS, 



said the company. Novell 
worked with the open source 
community to supply the real- 
time components in the update, 
which was built on the 2.6.22 
kernel, explained Kerry Kim, 
Novell's product marketing 
manager for SUSE Linux Enter- 
prise Real Time, or SLERT 

The initial release's real-time 
capabilities came from work 
Novell did with Concurrent 
Computer, Kim noted, and were 
later released into open source. 
Concurrent remains in the fami- 
ly picture for SLERT, which is 
"fully instrumented" for the 
company's NightStar debug and 



analysis tools, explained Concur- 
rent president and CEO Gary 
Trimm in a prepared statement. 
The RTOS update adds new 
features for pre-emption, includ- 
ing priority inheritance, sleeping 
spinlocks and thread run inter- 
rupts. The first allows lower-pri- 
ority processes to inherit the pri- 
ority of parent processes, while 
the second allows developers to 
free up resources for higher pri- 
ority processes by suspending 
lower priority resource locks, or 
spinlocks. Finally, kernel run 
interrupt threads allow hardware 
and software interrupts to be 
pre-empted by higher-priority 



processes as defined by the user. 

SLERT 10 lets users define 
how processes and threads are 
assigned to individual processor 
cores, claims Novell, and iso- 
lates real-time services from 
other system functions with the 
aim of improving reliability. 

Also new in this release are 
timer kernel services that oper- 
ate with a much finer degree of 
accuracy, noted the company. 
The low-fidelity POSIX timer 
service from the initial release 
ran with a 40-millisecond reso- 
lution, but the new implemen- 
tation cuts that to just 2 
microseconds. This allows Nov- 
ell to claim that system process- 
ing can now be accounted for 
by the nanosecond. I 
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Keeping Data in Sync 

Organization, scoping and security the keys 
to effective synchronization 



BY P.J. CONNOLLY 



Going mobile might have been the 
dream of the vagabond in Pete 
Townshend's song, but for devel- 
opers, it can be a nightmare. 
Increasingly, end users — many of 
them with corner offices and highfalutin 
titles — are demanding that corporate 
applications be mobilized and given 
access to company data without regard to 
location. Of course, it's one thing to give 
people access to data, and another to let 
them work with it, because the second 
case brings up the question of how that 
remote collection of data gets synchro- 
nized with the corporate data store. 

But what options are out there for 
developers new to the mobile arena? We 
spoke with representatives of the lead- 
ing providers of database platforms, to 
see what advice (and consolation) they 
could offer the neophyte mobile devel- 
oper charged with mobilizing data while 




keeping it secure — truly a contradictory 
assignment. 

SETTING EXPECTATIONS 

The first step, explained Aberdeen 
Groups wireless and mobility research 
director, Philippe Winthrop, is cutting 
the scope of the project down to the 
barest minimum. "The key to develop- 
ing any good mobile application is really 
about going and doing a business analy- 
sis around what is core versus context," 
he noted. 

"It's not about trying to put the 
kitchen sink in there," Winthrop said, 
"but really making sure that you've only 
got what is absolutely necessary, and that 
you spend an extensive amount of time 
on the usability testing to ensure that the 
application is going to, as efficiently as 
possible, do what it is intended to do. It 
becomes that much more critical on 
such a small device, that has such a thin 
pipe, where it's very limited in terms of 
the screen size." 

Anthony Carrabino of Microsoft, 
senior product manager for SQL Server, 

noted that putting data in the hands 

of mobile workers is only the start. 

It's not good enough to get the 

data out to them; what you 



really want to do is to get those users to 
edit and update that information and fol- 
low them wherever they go, so that when 
they get connectivity, the connection 
happens in a very reliable way." 

His colleague, program manager Liam 
Cavanagh, added: "Realistically, even 
with the coverage of cellular networks, it's 
not prevalent to have connectivity wher- 
ever you go. So that's why we have syn- 
chronization: being able to take the infor- 
mation that's important to those workers 
and be able to put it onto a mobile device, 
so that they can access it regardless of 
whether they have a connection or not." 

Part of that initial scoping is making 
sure that synchronization is taken into 
consideration from the get-go. "One of 
the most common things that we hear 
from our customers when we start talk- 
ing about sync is that it's sort of an after- 
thought," explained Roger Kehl, senior 
product manager with Sybase's iAny- 
where Solutions. The mobile application 
designed by rookies will have UI 
and essential functionali- 
ty, he noted, "but 






they don't really architect 
right from the beginning with the 
idea that when you're building a mobile 
application, you fundamentally have to 
be thinking about synchronization" from 
the start. 

"You have to think about how often 
are users going to be online or offline," 
Kehl added, "what kind of functionality 
do you want to provide when they are 
offline, and how long might they be 
offline. If you have an application that is 
occasionally connected, where your con- 
nection is broken every few minutes, but 
only for short periods of time, that is 
fundamentally different from someone 
who takes a mobile application out of 



the office and goes away for a weeklong 
business trip and comes back to the 
office to sync up, and there's everything 
in between." 

Oracle's vice president of embedded 
systems marketing, Rex Wang, agreed: 
"Clearly, there's more data that lives out- 
side the datacenter, at the edge, in the 
embedded world and in the mobile 
environment." He added, "The basic 
challenge related to synchronization is 
the need to enable an offline or occa- 
sionally connected function. You have a 
need to store that data locally. . .not only 
store it, but process it locally. You can't 
expect your end users to back up the 
data or [work] with the schema on their 
handsets. This thing needs to 
be centrally or automat- 



s 






ically adminis- 
tered by the application." 
Developers, explained Wang, 
need "to look at this holistically, from 
an end-to-end perspective; think of it as 
managing the entire application life 
cycle. You need to develop the applica- 
tion, and you need the right kinds of 
tools and IDEs, things like that; you 
need to deploy it, [and] you need to 
provision your users and the devices 
with those applications while the users 
are using them; you need to deal with 
synchronization as well as user manage- 
ment and monitoring. Later on, you 
might need to enhance your applica- 
tion, to upgrade it, etc." 

THE NUMBERS GAME 

Although limited connectivity is a valid 
concern today, some are already looking 
past the mobile data store model to one 
of ubiquitous connectivity. IBM Software 
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Group s senior competitive specialist for 
information management, Reed Meseck, 
argued, "In many respects, I think we're 
moving from an era where we were trying 
to do synchronization with thousands of 
devices, to an environment where it's no 
longer practical to do synchronization to 
millions or billions of devices." 

He continued, "There is an environ- 
ment for synchronization, but I think 
today we have expectations of on- 
demand data, of immediacy What's the 
point of having the data on a mobile 
device if it's out of date? The whole rea- 
son I want data on a mobile device is 
because I want it now" 

Meseck is convinced that the time for 
on-demand data is now, if only because 
that approach eliminates the whole 
problem of syncing data. "I think there's 
a huge impetus to move to applications 
that don't really rely on the data being 
stored in the device. The more data you 
store in the device, the more difficult it 
is to keep synchronized." 

Why? "These pieces of data stored 
out on remote devices effectively 
become a distributed 



DOLING OUT DATA 

How one's data is organized is extremely 
important, the experts agreed. "To start 
off," noted Sybase's Kehl, "you have to 
think about how you want to partition 
the data in such a way that each user has 
the right data to do their application, but 
not more than what they need. You want 
to minimize the amount of traffic that 
gets sent over a network; you want to 
minimize the amount of data that you 
actually store on a device, because some 
of the devices that people are working 
with are pretty memory-constrained. 

"The challenge there as a mobile 
application developer," Kehl continued, 
"is how do you partition the data in such 
a way that each mobile user only gets 
what they need, exactly what they need, 
and no more than that. It makes the sync 
performance better, [and] it makes the 
application perform better on the 
device, and it minimizes the system and 
storage requirements." 

Conflict detection, whether between 
the data of two road warriors, or 
between that of the field force and the 



the temporal nature of data. "When is 
becoming a very important dynamic." 
His solution can be found on any milk 
carton: "Even if they've cached that 
data, they're going to need to. . .put up a 
freshness date on the data," one that 
says: "Teah, this data's a little old, but 
here's the full disclosure.' You have to 
reveal what the age, what the vintage of 
the data is." 
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SECURITY IS KEY 

Aberdeen's Winthrop sees security vul- 
nerabilities as posing the greatest risk for 
developers of mobile applications. 
"These enterprise devices are extensions 
of an individual's office. So with that, 
there are tremendous issues around what 
to be held on those devices, 
compounded by the fact that you now 
have storage cards that are in excess of 
2 or 4 gigabytes. You can now have a 
tremendous amount of information 
on your intelligent device, your 
smartphone, whereas in the past, 
that wasn't necessarily the case." 

continued on page 34 ► 
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caching problem," Meseck explained. 
"If I can check to see if the data is stale 
or fresh, I can probably just as well get 
the data. The amount of data you can 
display on the device is limited... you 
have to check to see if the data's coher- 
ent or up to date, [so] you might as well 
get the data now, and get the latest 
data. Why have it a minute old, if I'm 
already sending a transaction to the 
system?" 

Meseck admitted that there are plen- 
ty of places where this won't be possible 
soon, if ever. "Applications for devices 
like that are starting to shift more to an 'if 
there's any way to be connected, be con- 
nected' approach. But for those rural 
areas or those instances [where you're 
never going to have a decent connec- 
tion]," he continued, "there are still 
going to be applications where you may 
need to persist the data. But you want to 
be very careful about the data that you're 
acting on because, again, stale data can 
be a very dangerous thing." 



home office, is another beneficiary of 
proper partitioning. It's important not 
just to detect conflicts, Microsoft's 
Cavanagh explained, "but to resolve 
them in a way that fits in with that 
organization's business logic. 

"These can get very complex," he 
continued. "So what you want to try 
to do is to filter informa- 
tion between each of the 
users ... to minimize 
the chances of collid- 
ing data changes or 
conflicts by partition- 
ing the data. Filter- 
ing that information 
from user to user" 
is key to any offline 
or collaboration 
effort. 

Part of the 
problem behind 
reconciling the 
changes of many 
users, explained 
IBM's Meseck, is 
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< continued from page 33 

Winthrop pointed out that mobile 
users are utilizing what amounts to a 
public network as they roam from 
hotspot to hotspot. "When you look at 
mobilizing applications, and not just 
messaging" but collaboration, or access- 
ing back-end ERP systems or executive 
dashboards, "one of the keys is making 
sure that there are VPN connections 
being enabled for those devices. That's 
of critical importance to ensure that 
there is not just security on the device 
itself, but that the actual transmission of 
data is done in a secure fashion." 

But it doesn't stop there, Winthrop 
cautioned. "You also have to make sure on 
your back end, when you have the con- 
nectivity to your internal infrastructure, 
that you have the proper authorization 
and authentication policies in place to 
ensure that only the appropriate people 
have access to the systems in question." 
Both Sybase's Kehl and Oracle's Wang 
agreed that developers of mobile applica- 
tions can't take data security for granted, 
as they might do on an internal network. 

TOOLS FOR THE JOB 

Choosing the database itself is depen- 
dent upon the task at hand. "As trite as it 
sounds," Winthrop explained, "it really 



depends on the kind of application that 
you're looking to mobilize. I've seen 
vendors who are developing mobility 
frameworks that allow you to create 
mashups, [leveraging] disparate data 
sets across the enterprise into one appli- 
cation, that absolutely is going to require 
a relational database. However, there 
may be a very simple application that has 
no need for that, and why over-engineer 
the thing?" 

Although relational databases aren't 
the only choice for a mobile application, 
if data synchronization is involved, they 
are often the most efficient one. 

"There are real benefits to using a 
more robust data storage mechanism like 
that," explained Kehl, "versus a flat file or 
an XML representation. There are great 
things we're able to do [via Sybase's 
MobiLink technology] with synchroniza- 
tion as far as handling conflicts, as far as 
uploading stuff as a transaction and being 
able to roll back — all that sort of thing 
comes from... using a robust database on 
the client. Your options and your flexibili- 
ty for doing data synchronization 
increase. . .both in terms of the application 
performance and the richness and robust- 
ness you can get in that application." 

But don't look for the database 
engines to get any smaller. Although 



mobile devices are famous for their 
resource constraints, the brilliance of 
hardware engineers is putting ever- 
increasing amounts of power in users' 
hands. Oracle's Wang explained that this 
reduces the need for the company to 
spend its time on reducing the footprint 
of the DBMS: "By the time we shrink 
our software, the devices will be much 
more powerful. We think we're small 
enough in that regard." 

What may be more important to cus- 
tomers is providing a flexible solution 
that isn't too closely aligned with a par- 
ticular back end. Microsoft's recently 
released Sync Framework, noted Carra- 
bino, "is not designed to be a proprietary 
technology. We've made it to be a gener- 
ic solution to solve the fundamental 
challenges of synchronizing data." Since 
it came out of the company's SQL Serv- 
er efforts, Sync Framework plays well 
with the long-awaited SQL Server 2008 
via extensions through the ADO.NET 
provider, but "by and large, it's a gener- 
al-purpose synchronization framework." 

PROMISING FUTURE 

So, is synchronization bound to become 
less of a developer's bad dream? Kehl 
believes so: "There's the first stage, 
where people look at it and say, This is 



dead easy; there's nothing to it.' Then 
they realize how complex it is, and they 
say, This is so complex, I can't even 
build a mobile application.' Then they 
get to the third stage, where they realize 
there's software out there and there's 
expertise out there that can make this 
doable." 

Meseck agreed on behalf of IBM, 
saying, "You'll find that there will be 
continued, increasing capability in these 
mobile devices and as that becomes 
more the standard set of features, you'll 
still see specialization outside of it, but I 
think there will be more variation, as 
opposed to specialization. It's a natural 
cycle of the way things occur." But, he 
added, "I don't think the toleration for 
stale data is going to be there for much 
longer. If there's any toleration out 
there, I think it's quickly diminishing." 

Carrabino said, "It's going to be very 
interesting over the next five or 10 years 
to see what kind of applications really 
start coming to life" with synchroniza- 
tion. "I'm curious to see what kind of 
ecosystems start to be created; where 
applications that are sync-enabled start 
participating in a sync ecosystem and 
start collaborating, and all sorts of infor- 
mation starts to get synchronized across 
various applications." I 
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FROM THE EDITORS 

Security Skills Essential 

We endorse the Secure Programming Council's Essential Skills ini- 
tiatives for secure programming. Its emphasis on an effective 
secure development life cycle is the right approach, and it is high time 
the industry cooperated to address security flaws in Web applications. 

Personal and other sensitive information is falling prey to malicious 
hackers that sell it for money or to be used by national intelligence agen- 
cies. In a world filled with consultants, employee turnover, new hires and 
outsourcing, there must be a standard way to assess competency. 

The value of fiat certifications is greatly influenced by the people 
standing behind them. The council has assembled a group of organiza- 
tions both corporate and governmental working under the banner of the 
SANS Institute, and it is pounding the pavement to broaden its support. 
Its value is established and can be relied upon. 

Organizations already participating in the effort include CERT/CC, 
SANS Institute and several U.S. government agencies, in addition to 
leading companies in the United States, Japan, India and Germany. It 
has the big names and resources to make headway. 

The SANS Institute security certification entity, Global Information 
Assurance Certification, has been in operation since 1999 and has the 
gravitas and experience to certify programmers effectively. Also, its tests 
are organized by security-related tasks that programmers perform regu- 
larly and are applicable in real life. 

The aim and scope of the council's efforts are broad and comprehen- 
sive. The Secure Software Programmer Certification Exam for Java/Java 
EE will be the first exam offered, and initiatives are under way for C, 
C+ + , .NET languages, Perl and PHP. The certification approach is also 
ISO 17024-compliant. 

Although there is no single methodology, the council is working to find 
consensus and promote training. In total, the council is doing the right 
things for the right reasons. We can only hope that the long-term effect 
will be a change in how software is developed, to harden systems that are 
vital to commerce, industry and the public sector. 

End for Mobile Development 

Today, software development for mobile devices is a hot topic for 
many enterprises, especially for ensuring that their Web applications 
run properly on smartphones and PDAs. 

Soon, we hope this will be a lost art. Not because mobile devices cease 
to be important. On the contrary, they're becoming more ubiquitous 
every day. But rather, because mobile devices and their networks are 
converging quickly with standard PCs and wireless LANs. Someday, the 
distinction between a mobile app and a standard app will disappear. 

Tim Berners-Lee, director of the World Wide Web Consortium, 
recently laid out a vision of mobile computing that calls for just that. His 
voice speaks not only to his vision, but to the increasing reality. 

Consider that Apple's iPhone contains a full browser, Safari. 

Consider that Sun has said that the differences between Java ME and 
Java SE will narrow and disappear. 

Consider that AJAX and other RIAs transfer much of the workload 
back to the server, reducing the need for memory, power and bandwidth. 

Consider that in the United States, a leading wireless carrier — Verizon 
Wireless — will be opening up its closed network to any device, and any 
application, in early 2008. 

As mobile devices become more powerful, their software stacks edge 
ever close to desktop and notebook PCs. As WiFi becomes more ubiqui- 
tous, and as other wireless networks lower their proprietary barriers, they 
become more like LANs — good news for consumers and business users. 

Even better, it's great news for enterprise software developers and Web 
site creators. Today, it's an expensive extra step to create mobile-friendly 
applications, and all too often, the cost is prohibitive. Soon, it should be 
totally unnecessary to make special mobile applications. We can't wait. I 



Business Intelligence 
In the Age of SOA 



History shows that wherever there 
are software applications, business 
intelligence follows. It used to be possi- 
ble to link BI to a database or data ware- 
house in order to analyze company per- 
formance. Companies would, and still 
do, try to shuttle increasing 
volumes of information into 
data warehouses, and then 
extract it for analysis. 

Getting data into and out of 
the data warehouse turned into 
a complicated chore in its own 
right, but in the past few years 
it's become overwhelming as 
applications have proliferated 
and become more sophisticated. 
Most businesses recognize that 
they need to analyze this information if the 
best decisions are to be made, but they are 
still applying retrospective BI technologies 
and approaches to the problem. 

The most elemental challenge to tra- 
ditional BI is the requirement to analyze 
data as part of a business process, not 
simply to report on it after the fact. In 
order to build BI into processes, BI 
needs to be real-time. This represents a 
seismic shift for an industry that runs on 
batch updates. 

The old architectural approach to 
BI — adding it after applications have 
been built and focusing it on the data- 
base or data warehouse — doesn't make 
sense in an event-driven world. At the 
same time, those events, in a service- 
oriented architecture (SOA), represent 
an unprecedented opportunity for analy- 
sis and action. 

FASTER ISN'T FAST ENOUGH 

The new approach to BI is enabled by 
the flow of data through applications 
and middleware. This means that com- 
panies building a SOA can benefit from 
determining now how BI can help them 
get the most out of their investment. 
Indeed, companies have to add BI to 
SOA — it simply becomes a question of 
how and when they'll do it. 

The traditional route to BI is data- 
base-centric and focuses on giving com- 
panies dashboards for looking at infor- 
mation once it's made its way into the 
data warehouse. But data warehouses 
are out of date. Extracting, transforming 
and analyzing information that's even 
hours old doesn't tell the company what 
to do right now. 

It's not that the data warehouse no 
longer matters in a SOA; it does. But it 
should be understood for what it is — the 
system that affords a look at past perfor- 
mance. So if companies are looking to 
the data warehouse to provide action- 
able information, they've made an ele- 
mental mistake. 




To gain insight, and to achieve the ben- 
efits SOA promises, businesses need to 
view BI differently. There are a few 
approaches that generally get considered. 
The first is BI as a Web service. Some 
analysts have described the traditional 
BI vendors as "sleepwalking 
into SOA," and the vendors 
have reacted by providing 
Web services interfaces. The 
problem is that the data is 
usually coming from a data 
warehouse and therefore is 
old. It also doesn't contain 
process state data, so using 
BI as a service is useful only 
for historical data lookup 
tasks. Companies can wire 
BI tools to operational systems, but this 
introduces a performance impact. 

Next is data as a service. Several mid- 
dleware vendors position their distrib- 
uted query platforms as "data as a ser- 
vice." Here the concept is to offer one 
interface that will provide a heteroge- 
neous join on data retrieved from data- 
bases. Most of these systems have a 
cache built in so that repetitive data 
lookups are faster. This can work well for 
slowly changing dimensions, but as soon 
as significant volumes of data are 
involved, performance suffers. 

Finally, there's event intelligence. 
This approach doesn't rely on queries 
and therefore has no impact on opera- 
tional data sources. Rather, an event 
intelligence approach uses events flow- 
ing through the SOA infrastructure or 
published by BPM tools as its data 
source. Architecturally different from 
traditional, query-based BI, event intel- 
ligence maintains continuous calcula- 
tions in real time, enabling complex cal- 
culations to be built into business 
processes. 

Considering these approaches is use- 
ful when weighing SOA implementa- 
tions. The more fundamental question 
is: When should companies consider the 
different approaches? In most SOA 
approaches, BI is still an afterthought, 
but this is changing rapidly. 

INTELLIGENCE FROM THE GROUND UP 

Industry research firm Ovum suggests 
that approaches to SOA today fall into 
three categories. 

First is the clean slate, in which an 
organization with no legacy code can 
design a SOA from scratch. Also in this 
category are organizations that take a 
strategic approach and evaluate their 
demands for information before they 
consider the technology involved. 

The second approach happens when 
companies view SOA as a development 
pattern and implement it in a technical 
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manner. Almost invariably, the business 
doesn't understand what SOA is and 
conversations about the types of intelli- 
gence users across the business need to 
receive haven't happened. 

There's also a middle-ground 
approach to SOA, in which a line-of- 
business sponsor works with IT to solve 
a defined problem and includes BI to 
analyze certain anticipated questions. 
SOA at the departmental level can be 
useful in some cases, although it doesn't 
address dynamics that push people to 
work cross-functionally 

According to Aberdeen Research, 
the biggest challenge in corporate IT is 
imparting real-time visibility into busi- 
ness operations. Indeed, gaining that 
insight is one of the major justifications 
used for most SOA projects. Software 
professionals must recognize, though, 
that simply building a SOA will not 
make processes more intelligent. Unless 
event intelligence is built in, the new 
architecture will simply automate dumb 
processes. 

FOCUS ON MIDDLEWARE 

The most elegant approach to adding 
event-driven BI to a SOA environment 
is to integrate it from the outset. The 
trend toward middleware-oriented 
development paves the way by promot- 
ing the construction of loosely coupled 
services that deliver flexible applica- 
tions. Now, rather than reporting on 
processes after they occur, BI integrat- 
ed can support decisions in real time. 
The new BI applications do this by 
working with the services that help cre- 
ate the SOA. 

Once the SOA has been built, howev- 
er, bolting BI on after the fact in a loose- 
ly coupled environment becomes an 
architectural mess. In effect, IT must 
reintegrate services that had been loose- 
ly coupled. 

EVENT INTELLIGENCE 

The answer is to build in event intelli- 
gence from the outset of the SOA pro- 
ject. In this way, the business keeps the 
flexibility of the SOA and allows applica- 
tions to be altered or added as business 
needs change — all while gaining access 
to the data needed to power smarter 
decisions. 

The ability to make real-time deci- 
sions opens up new ways of doing busi- 
ness and interacting with customers. 
The first step to getting there is to talk 
with business users and ask what they 
want to measure, and then to use the 
new generation of BI tools to deliver 
that information. 

Does this mean throw out the data 
warehouse? Certainly not — it remains 
the system of record. But it does mean 
that with SOA, you're going to be able to 
use B I in an entirely new way. I 

Charles Nicholls is founder and CEO of 
SeeWhy Software, which sells business 
intelligence software. 



LETTERS TO THE EDITOR 

Rebutting a Mischaracterization 



The Special Report "Ch-Ch-Changes" 
[Nov. 1, page 43] requires a response. It 
describes Perforce's software configura- 
tion management (SCM) system as one 
of the "simpler, less costly branch-and- 
merge tools. ..for small-team projects." 
This characterization of Perforce's tech- 
nology is entirely incorrect. 

Early on, smaller development shops 
adopted Perforce for its ease of use, sim- 
ple installation and comparatively low 
price, but as these small shops have 
grown, so have we. Keeping Perforce's 
performance and scalability at least one 
step ahead of our largest customers' needs 
has been one of our greatest successes. 

In fact, Salesforce.com, whose senior 
release manager offered the lead quote 
in the article, is among the more than 
4,500 organizations worldwide using 
Perforce to manage their source code 
and digital assets. Today, some of our 
larger customers have more than 8,000 
developers and store several terabytes of 
data in Perforce. SAP, National Instru- 
ments, Qualcomm, Washington Mutual 
and Electronic Arts are among our large 
installations. 

Over the last 10 years, we've ensured 
that our technical solution has scaled 
with the needs of our large enterprise 
customers. Your article is inaccurate in 
this respect. 

Nigel Chanter 

Chief Operating Officer 

Perforce Software 

FREE SOFTWARE 

I've just read David Rubinstein's column 
"Free as in Constrained" [Nov. 15, page 
54]. 

Mr. Rubinstein, we are in 2007: An 
editor-in-chief of any software developer 
magazine must surely know about soft- 



ware licenses. The ending of this opin- 
ion article is a blatant attempt to mis- 
guide and plant Fear, Uncertainty and 
Doubt (FUD) over the use of "free soft- 
ware"/ "open software" by the readers. 
Not even in Redmond Magazine would 
this FUD be tried. 

"Free software" is the definition given 
to code published under certain licenses. 
Those licenses provide rights and also 
provide restrictions on their use. Those 
restrictions are there so the code could 
be free before and after being used. 

Without those restrictions, the code 
would lose its freedom. 

Think of those restrictions as limits 
established by law. We, as free men and 
women, have rights. And we are also 
restricted by laws and their limits. Are 
we really not free because we cannot do 
anything that we want to? Are we really 
not free because we have to abide by the 
existing laws? 

It's the same thing with "free soft- 
ware," which is not really a clear term in 
the English language, as "free" can be 
either "free as in freedom" or "free as in 
no cost." They're different. 

That's why I prefer to use the term 
"open source." This term shows that the 
"source" (code) is available under an 
"open" license. And, as any license, it 
has do's and don't s. 

Josep L. Guallar-Esteve 

Member of IEEE - Computer.org 

CLARIFICATION 

Green Hills Software customers can still 
purchase Express Logic's ThreadX real- 
time operating system under the terms of 
a reseller agreement that will not expire 
until Dec. 10, 2008. An article in the Oct. 
15 edition of SD Times failed to state this 
option for Green Hills customers. 
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Dear Newspaper Advice Lady: You 
know those cartoons of the frustrated 
worker? Red cheeks, check valves for his 
pupils, popped-out collar stays and steam 
coming out of his ears? That's me. I can't 
ask anyone else for advice — only you can 
help me. You see, I am a bit of an advice- 
giver myself: I write a column for a soft- 
ware development newspaper. Nothing 
fancy, just a few hundred words on 
trends, practices that have proven to be 
worthy, and probably more references to 
Prolog than are strictly necessary. Now, 
though, the only thing that I can think to 
write is "Software cannot be developed 
without testing!" and then cutting and 
pasting 100 times. And you know how 
editors are about "stunt" columns. 

Let me give you some background. I 
engaged with a small company about 
rapidly developing some features for 
clients unhappy about the overall speed of 
system development. Pretty typical stuff: 
Pick some low-dangling fruit that's never 
been given high priority, get some easy 
"wins" to take the pressure off. 

What was supposed to be a simple 
automation task turned out to require not 
only supervision but also a large amount 
of "manual overrides" of this and that 
parameter. Who gave the client the 
impression that the system had "manual 



Larry in Real Life 

overrides"? Me. When I was developing 
it, and a funky input value created an 
erroneous output, I said, "I can manually 
override that," and then inserted a "mag- 
ic number" into my code. I'm so 
ashamed! But it gets even worse, as the 
next month's run showed funky values to 
be a regular occurrence, which, of course, 
I should have known since 
funky values are like cock- 
roaches: If you see one, you've 
got a hundred. 

Rather than step back and 
evaluate the dramatically 
changed context, I plowed for- 
ward. I began working with 
"Bob," a Web programmer 
charged with creating the 
supervisory UI. 

I use the word "program- 
mer" provisionally. I've never 
with someone as anti-productive. I think 
he's a refugee from the "Dilbert" mirror 
universe, in which he's a pointy-haired 
programmer, a perversion of all I hold 
dear. The only time he's used version 
control (only time, I swear) was when he 
gave up working on a buggy Web page, 
and I said to give it to me to fix — he 
checked in the buggy version. And when 
I say buggy Web page, I'm not talking 
about a CSS problem. (Not that Bob uses 




■ 

worked 



CSS. Once he gets an effect he likes, he 
just cuts and pastes that -:W:> until he's 
done). The bug related to the way the 
Web page looped over its database 
access. Bob uses ColdFusion, a system 
that can be very productive and profes- 
sional, but in the hands of a perverse 
pointy-haired programmer can create 
unimaginably nasty code hair- 
balls. 

Yesterday morning, the 

on-site client said that while 

a certain page allowed her to 

override funky values, she 

couldn't add a value when 

the funk was NULL. I 

glanced at the page and saw 

the "Add value" was inside a 

■:C"l00p:- that was iterating 

over yet more database 

access (SQL Injection? Bob's never 

heard of it). I asked Bob to move the 

button outside the loop and began a 

daylong coding session trying to 

reverse-funk the inputs. 

Before finishing, I asked him what the 
status of the fix was (he ignores the task- 
management software). He said he'd 
uploaded it to the test server. "But did you 
test it?" I asked. "Works fine," he assured 
me, before admitting that it hadn't 
appeared on the actual test site because of 
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a caching issue. When I voiced my doubts, 
he insisted, and I actually called the sysad- 
min at home to reboot the system. 

As you will guess, when I checked this 
morning, the Web page was still broken 
and when I checked the file itself, I could 
see it was the original. After a 20-minute 
"conversation" of increasing volume, Bob 
said, "Oh, I see! You were looking at 
/Test Site. I uploaded it to a brand- 
new /TestSiteNew" When I shared my 
view of that decision, he said, "Control 
your temper, man." 

Here's my question: Should I walk 
away? The youngish manager (my 
client) is a good guy, he's got the right 
tools in place, and he's got some good 
developers. But like many small shops, 
they don't have whip-crack discipline 
and are for whatever reason willing to 
tolerate Bob's antics. I contributed to 
the quagmire with flawed task selection 
and, even more important, bulling for- 
ward when the task changed its nature. 
What should I do? Walk or try to be a 
change agent? 

Signed, 

KonaKoder 
PS. Bob "fixed" the problem not by 
moving the button outside the loop, but 
by deleting the loop. Is he just jerking 
my chain? I 

Larry O'Brien is a technology consul- 
tant, analyst and writer. Read his hlog at 
www. knowing, net. 
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When BPM, SOA Are DOA 



At the SOA Executive Forum this 
year, I led a panel titled "Bridging 
the Gap Between BPM and SOA." Of 
course, the normal debate took place: 
Where is the fit? When is the fit? What 
is the fit? And why do we need this? 
Truth be told, while many see the fit 
with SOA and BPM, as I do at times, 
there are times when it's not a fit, and 
users need to be aware of that fact. 

Let's first consider the notion behind 
SOA. We externalize services and build 
new services to provide the opportunity 
for a solution, but it's not a solution unto 
itself. From there we move up into the 
solution layer of the SOA, or into places 
where the services are assembled into a 
solution. What's cool about this layer is 
that it provides the agility concept for 
SOA. In essence we're able to put 
volatility into this domain and configure 
and reconfigure solutions using and 
reusing existing services. That's SOA. 

So, the debate is around what's at that 
solutions layer. Indeed, you can put in 
one or all of the following: a SOBA (ser- 
vice-oriented business application), 
workflow or business process manage- 
ment. While opinions vary, I would 
include orchestration, chorography and 
proprietary business process manage- 
ment within the notion of business 



process management. So, who's right? 

There is no one right answer. Indeed, 
SOA is all about architecture, which is 
all about options. Thus, the way in which 
you assemble your services into a solu- 
tion is going to be domain-dependent. 
However, it's important to understand 
the core patterns. 

Those who need to exter- 
nalize services to humans may 
find that SOBA is a much 
better approach to service 
composition than process- 
based technology. In fact, 
most process-based technolo- 
gy, even workflow, does a 
lousy job at interacting with 
humans. So, you pick AJAX 
development tools, Java 
development tools and an 
application server, or something that's 
able to bind many back-end services into 
an application with a traditional user 
interface. While some don't think this 
replaces process-based technology, in 
many cases I find that SOBA is the only 
composition technology required — thus 
it's the way we create the solutions. 

Workflow, which seems so 1990s, is 
actually a valuable asset in the world of 
SOA. Indeed, we would use workflow 
instead of "traditional" process-based tech- 




nology for the following requirements: 

• When we have to call out to a human 
being to make a decision, such as approv- 
ing a work order or an expense report. 
This is really the key reason. 

• When the processing is lightweight and 
doesn't need heavy-duty transactions. 

• When the service collections form pat- 
terns and thus are more 
amendable to workflow. 

With the workflow solution, 
you still have all of the advan- 
tages, such as keeping volatility 
in a single domain and compos- 
ability of services. However, this 
is typically contraindicated 
when you need more process 
and fewer people. 

More process-oriented so- 
lutions, such as proprietary 
process management solutions, orchestra- 
tion and chorography, in essence, define 
their own approach to service composi- 
tion. Again, no one answer works here. 

One would look at orchestration when 
attempting to create a solution with a 
centralized composition engine, where 
the services are bound together to form 
new composite services. Indeed, orches- 
trations are services and have attributes 
of services, such as WSDL. Moreover, 
they are very synchronous in nature. 



Chorography, on the other hand, 
approaches composition by defining how 
the services interact, or allowing the ser- 
vices to "leverage" each other in a style 
that's more asynchronous. So, the services 
work together to form the composition, 
versus orchestration where they are more 
bound together. Get the difference? 

Or you can go the proprietary route 
and leverage BPM tools that don't really 
leverage standards and approach process 
integration and service composition in 
their own way. While the downsides are 
obvious, a lot of these tools have many 
more years of experience than the SOA 
tools that have recently hit the market. 

So, there are many options when it 
comes to service compositions that don't 
include BPM-oriented technology, and 
they work just fine. However, what's most 
important is that you understand not only 
what the options are, but also how to 
understand your own requirements to fig- 
ure out the right architecture. This 
includes a complete metadata-, services- 
and process-level understanding of your 
problem domain. Other things to consider 
are governance, performance and security. 

At that point, you'll find the right solu- 
tion is obvious. In some instances, it may 
include BPM-oriented tools, but it's not 
always the right solution. I 

David S. Linthicum is a managing 
partner at ZapThink. Reach him at 
david@zapthink. com. 
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In my previous column, I discussed the 
latest release of IntelliJ IDEA from Jet- 
Brains, which I consider to be the best 
Java IDE available, and well worth the 
price despite the availability of very fine 
competing open source IDEs. I now will 
explore two free alternatives: the unher- 
alded JDeveloper from Oracle in this col- 
umn, and the new major release of Net- 
Beans from Sun in my next. 

To grok JDeveloper (free at www 
.oracle.com/technology/products/jdev), it 
helps to know its history. It was originally a 
paid product, costing nearly US$1,000. In 
those days, it was a derivative of Borland 
JBuilder. Eventually, Oracle rewrote JDe- 
veloper internally to pursue its desire for 
greater integration with enterprise tech- 
nologies. Originally, Oracle fumbled this 
process by making JDeveloper primarily 
an Oracle-oriented product. But later re- 
leases showed integration with many data- 
bases and most app servers. What im- 
pressed me most at that time with 
JDeveloper was the ease of navigation. It 
lacked Eclipse s cumbersome, heavy feel. 
It also provided features no other 
IDE considered. For example, JDevel- 
oper embedded a scaled-down Java EE 
container in the IDE (it's based on the 
OC4J app server that Oracle acquired 
years ago from Orion). This feature 



Free as in IDE 



enables you to develop Java EE projects 
and test them locally from within the 
IDE with a single mouse click. Sweet. 

Three years ago, Oracle began giving 
away JDeveloper (although it's still closed 
source). And in the process, the company 
shifted gears: Rather than actively pro- 
mote and develop the product, it was 
retargeted as being Oracle's 
principal internal Java IDE. If 
you wanted a copy of it, you 
could certainly get it, but the 
company was no longer in the 
hunt to add ever more elabo- 
rate and unnecessary features. 

For example, JDeveloper 
does not support C++ coding 
as Eclipse and NetBeans do. 
Oracle's de-emphasis of JDe- 
veloper continued in other 
areas; developer tools were now folded 
into the middleware products. 

Middleware? Yup, that's where they 
were demo'ed at Oracle Open World this 
year in San Francisco and where they are 
on the Web site. JDeveloper was also tied 
to Oracle's DBMS product version num- 
bers. Because the numbers have to be in 
sync with the flagship database product, 
the last major release of JDeveloper was 
numbered 10.1.3.2, meaning there's no 
way for users to tell from release numbers 



Integration Watch 




what's a major release and what isn't. With 
all this devaluation going on, JDeveloper 
slipped off my radar 18 months ago. 
Recently, as the company has begun test- 
ing release candidates for JDeveloper 11,1 
went back to check out what's new and dif- 
ferent. And I confess I'm very impressed. 
First, the navigation and ease of use 
have improved. I believe JDe- 
veloper is truly the only IDE in 
which a new user can set up a 
project for existing code and be 
able to compile, run and even 
profile the code (for perfor- 
mance and memory usage) 
without recourse to help. The 
only peculiarity is that JUnit 
has to be downloaded and in- 
stalled as a plug-in (a trivial 
task, but one that needs a 
lookup in help to figure out). 

The enterprise features are extensive. 
JDeveloper has UML diagramming 
tools for the most used diagrams (use 
case, class, sequence), plus the expected 
editors for XML (and XSLT, Xquery and 
XSQL). Database connectivity is robust- 
ly supported as well — no surprise there. 
JSF, one of Oracle's pet projects, is a key 
technology, with wizards and numerous 
tools. Also, there are numerous features 
supporting Oracle's own Java application 



technology, called Oracle Application 
Development Framework. 

Web services benefit from many tools, 
such as the full array of standard capabili- 
ties, plus a WSDL editor and an HTTP 
analyzer. Eventually, the BPEL designer 
from the 10.1.3.x version of JDeveloper 
will be added to this release, although it's 
not yet included in the release candidate. 
This version does add considerable sup- 
port for AJAX, including editors and a 
debugger for JavaScript. 

There are a few limitations that you 
should know about. JDeveloper's support 
for mobile is limited. Also, because the 
community is primarily internal to Oracle, 
the collection of plug-ins is not nearly as 
great as that of its competitors. But, there 
are plug-ins for the major SCM products 
(CVS and Subversion are built in, while 
Perforce, ClearCase and Dimensions are 
accessible via plug-ins), PMD, AspectJ 
and a few other packages. 

However, for most purposes, JDevel- 
oper has all you need, and probably more. 
It might well be the most user-friendly, 
feature-complete, free Java IDE available 
today. My look at NetBeans 6 in my next 
column will enable us to make a final 
determination in this regard, but for the 
moment JDeveloper is looking surprising- 
ly strong. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. Read his hlog at 
binstock. hlogspot. com. 
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Data Does the Driving 



Industry Watch 



This is the time most publications wax 
nostalgic over the year that was, 
recounting the highlights and lowlights, 
and trying to put it all in perspective. 
Count us among them: SD Times will 
publish its traditional "Year in Review" 
issue Jan. 1. 

So, what to write about in this, the 
final issue of 2007? Why, what we can 
expect in 2008, of course. 
You've got to see where you're 
going to know where you've 
been. . .or something like that! 

Anyway, with the help of 
Daniel Chait, founder of soft- 
ware consulting company 
Lab49, here are some recent 
trends that are poised to cross 
the chasm, pass the tipping 
point and take off. 

The first area that will 
become much more commonplace in 
2008 is data streaming, otherwise known 
as complex event processing. CEP, which 
had been relegated to highly specialized 
applications such as financial trading, will 
make its way into retail and other markets 
that have a need to perform calculations 
on data and see patterns in near real time. 

The financial services industry has dri- 
ven CEP, because institutional, algorithm- 
driven trading has led to massive increases 
in trading volume. "The old method of 
store and process for data is falling by the 
wayside," Chait said. "Writing processes in 
batch jobs at the end of the day is increas- 
ingly inadequate." Financial services com- 
panies need information on activity, trad- 
ing and market information throughout 




the day to remain competitive. 

Complex event processing came out of 
the world of academia, Chait noted, where 
the work was focused on processing data 
from sensors. In the area of weather pre- 
diction, sensors that can collect data on 
temperature, humidity and wind speed 
need to be read in real time to be useful. 
For retail, Chait said companies can 
analyze traffic and consumer 
patterns. "Using CEP engines, 
they can do clicksteam analysis 
to see what's going into a shop- 
ping cart, what add-ons are 
being chosen, when dropouts 
are occurring," he said. A 
company might use that data 
analysis to decide to mark 
down a certain item on its 
Web site for a certain time 
"* "* i period of the day to drive slug- 
gish sales, for example. 

This need to handle massive amounts 
of data and transactional information will 
give rise to wider implementation of par- 
allel and distributed computing, Chait 
believes — the second trend that he sees 
coming into its own in 2008. "This type of 
massive data streaming is beyond the 
capabilities of the fastest computers out 
there," he said. "We need distributed data 
caching and grid computing to handle it." 
The use of multicore processors is 
creating challenges for developers look- 
ing to take advantage of the increased 
computing power. "It's not simply a giv- 
en that an application will run twice as 
fast on a dual-core machine," Chait not- 
ed. "The application has to be architect- 



ed" in a way to best utilize such features 
as failover and provisioning. 

Microsoft has come out with utilities 
around parallel computing, Chait point- 
ed out, to enable developers to write 
applications in the way they're most 
comfortable and have the machines do 
the parallelization of the applications. 

So, with increasingly large numbers of 
events occurring in these systems, and 
multicore processors being created to han- 
dle the burgeoning load, what must follow 
is a way to make sense of all the data being 
pumped out of these systems. That, 
according to Chait, will lead to a growth in 
the data visualization market in 2008. 

"Developers need to think about new 
ways of conceptualizing and presenting 
these massive amounts of real-time data 
in a way people can grasp and make 
sense out of, and have it delivered over 
the Web on a browser," Chait said. 

Web applications will continue to look 
and act more and more like client/server 
applications, with all the interactivity, 
charts, animations and multiple windows. 

He believes Microsoft, with its Win- 
dows Presentation Foundation technology 
for next-generation graphics display, will 
have the greatest impact because of the 
company's reach, and added that Adobe, 
with its Flex technology, will continue to 
make inroads and gain market share. 

Look for such things as 3D graphics 
and transparency to have greater uptake 
in the year ahead, Chait added. 

But before then, we'll take a look at 
how we got here with a review of 2007. 
Happy holidays, everyone, and we'll see 
you back here next issue — and next year. I 



David Rubinstein 
SD Times. 



editor-in-chief of 
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Microsoft has completed construction on new headquarters for its 
research division, the first of seven new buildings planned for the 
company's West Campus construction project, in Redmond. In 
2006, the company announced it would expand its Puget Sound 
area holdings by 3.1 million square feet; that has now grown to 5.5 
million square feet. The West Campus project, due to be complet- 
ed in April 2009, will house an expanded Entertainment and 
Devices division, as well as a post office, bookstore and 12 food 
outlets. "Continuing to build a world-class campus in Redmond is 
critical to a company like Microsoft that has innovative people as 
its greatest asset," said Microsoft CFO Chris Liddell in a statement 
. . . Intellectual property protection software company Macrovision 
has signed a definitive agreement to acquire specific technology 
assets from Cryptography Research, including Self-Protecting 
Digital Content technology, upon which is built BD+— adopted by 
the Blu-ray Disc Association as another layer of content protection 
for movies. An important feature of BD+ is that it can respond to 
security threats, which previous DVD security technologies could 
not do. The acquisition will cost Macrovision approximately US$45 
million in cash plus warrants for Macrovision stock. 

EARNINGS: BEA Systems announced an 11 percent increase in 
quarter-over-quarter revenues and a 59 percent gain in GAAP net 
income for its 2007 third fiscal quarter ended Oct. 31. For the peri- 
od, revenues were US$384.4 million, compared with $347.6 million 



for the same period in 2006. The company, which in October 
rejected a purchase offer from Oracle, posted GAAP net income of 
$56 million, or 13 cents per share, up from $35.1 million, or 8 cents 
per share, a year ago. "Our third quarter results demonstrate con- 
tinuation of the business momentum we built in the second quar- 
ter. In spite of significant distractions during the quarter, the team 
did an outstanding job executing to our revenue plan and generat- 
ing a strong pipeline of business," said Alfred Chuang, BEA's CEO, 
in a statement. In its filing, BEA noted that its AquaLogic products, 
for business-driven SOA, accounted for 27 percent of the compa- 
ny's license revenue . . . Salesforce.com announced record rev- 
enue of US$192.8 million for its 2007 third fiscal quarter ended 
Oct. 31. The company has raised its outlook, now expecting to pass 
$1 billion in revenue in fiscal 2009, according to its financial state- 
ment for the quarter. GAAP net income was $65 million, or 5 cents 
per share . . . Hewlett-Packard reported fiscal 2007 net revenue 
of US$104.3 billion while its board of directors approved an $8 bil- 
lion share repurchase program. HP chairman and CEO Mark Hurd 
cited sharp improvement in the company's software segment as 
one of the reasons for strong fourth-quarter performance; the 
company took in $3.7 billion in revenue for the period. Hurd said HP 
added $12 billion in new revenue this year; however, the company's 
SEC filing did not break out how much of that is attributable to the 
Mercury Interactive acquisition. For the year, non-GAAP operating 
profit was $9.6 billion, or $2.93 per share. I 
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Development World 

Alexandria, Va. 
SDW 

www.securedevelopmentworld.com 
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Conference 
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For a more complete calendar of U.S. software 
development events, see www.bzmedia.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 



Software Development Times (ISSN 1528-1965) is published 24 times per year by BZ Media LLC, 7 High St., Ste. 407, Huntington, NY 11743. Periodicals postage paid at Huntington, NY, and additional offices. SD Times is a registered trademark of BZ Media LLC. All contents © 2007 BZ Media LLC. 
All rights reserved. The price of a one-year subscription is US$179 for subscribers in the U.S., $189 in Canada, $229 elsewhere. POSTMASTER: Send address changes to SD Times, PO Box 2169, Skokie, IL 60076. SD Times subscriber services may be reached at sdtimes@halldata.com or by calling +1-847-763-9692. 



The Future of Software Testing... 




A BZ Media Event 



Stretch your mind at 
FutmcTcst 200S — 
an intense two-day 
conference for executive 
and senior-level 
managers involved 
with software testing 
and qua Lin' assurance. 
Our nine visionary 
keynotes and two- 
hand-hittaTag pa»ct 
discussions will inform 
you, challenge you 
an J inspire yun. 



Software Test 
& Performance 



www.futu rctest . net 



SICK AND TIRED 



OF MflNUflL TESTING? 




TestComolete 



J. automate your tests 



Test.NET Delphi Java 
Web Automated Windows Test Desktop 

Load Easy Vista Test Synchronized 

Fast Distributed Powerful Client/Server 

Time-to-MarketTesi BlackBox Automate 



| Record Test Checkpoints 
I Easy Grid Tests 



BSD Better & Faster Web Tests 



Test Your 64-bit Apps 



I Test Your Web Services 




FREE TRIAL - DOWNLOAD NOW 
w w w. testco m pi ete.com 



AutomatedQA 

test,, debu^ deliv-erE^^ 

702-891-9424 



